New Core: 2-Authentication Table bugs

Issue #893 resolved
Nat Sakimura created an issue

Thanks for incorporating the table idea.

IMHO, the Property column needs rework.

I think it should state the purpose / target / goal from the point of view of the implementers: i.e., to be a guidance. Current column is just describing some protocol properties, which seems to have been picked somewhat arbitrarily. Purpose based column such as seems to give a better guidance.

Even if the table was to express only the properties and not the guidance, the value of the rows are a bit buggy.

For example,

"Client is authenticated" should be "Client can be authenticated". Authorization Code Flow does not necessarily mean that the client is confidential.

In the "JavaScript-only Client possible" row, "Code" has "no" as the value, but it is not the case. Obviously, it may not be a good choice but you still can build it in Javascript (whether on the serverside or in the browser). The same applies for "Hybrid" as well.

Comments (3)

  1. Nat Sakimura reporter
    • changed status to open

    You fixed as:

    +   <c>All tokens returned from Authorization Endpoint</c>

    In this row title, "some" does not make sense. Either revert back by removing "All" or change "some" to "no".

  2. Log in to comment