Spec not clear as to which auth flows are supported

Comments (10)

1. 

   Nat Sakimura

   Since we agreed that we need to have both the request and response signed, only the viable flow is the Hybrid Flow.

   • 2017-03-02T17:48:34+00:00
2. 

   Dave Tonge reporter

   We discussed on the call that I will make a pull request with a clarification

   • 2017-03-30T11:06:34+00:00
3. 

   Nat Sakimura

   • changed status to open

   Just waiting for a pull request.

   • 2017-04-04T23:25:09+00:00
4. 

   Sascha Preibisch

   Please provide the location where this should be fixed or updated.

   • 2017-04-25T04:43:47+00:00
5. 

   Dave Tonge reporter

   Actually I think its a bit clearer now:

   shall require the response_type values code id_token or code id_token token;
   shall return ID Token as a detached signature to the authorization response;
   shall include state hash, s_hash, in the ID Token to protect the state value;
   

   I think we can close this.

   • 2017-04-26T13:49:27+00:00
6. 

   Nat Sakimura

   Going to close this.

   • 2017-04-26T14:18:17+00:00
7. 

   Nat Sakimura

   • changed status to closed

   • 2017-05-13T12:42:19+00:00
8. 

   Nat Sakimura

   • changed component to Part 2: Advanced

   • 2022-12-14T15:36:06+00:00
9. 

   Nat Sakimura

   • changed component to FAPI 1 – Part 2: Advanced

   • 2022-12-14T15:36:41+00:00
10. 

    Nat Sakimura

    • changed component to FAPI 1: Advanced

    • 2022-12-14T15:38:51+00:00
11. Log in to comment