Spec not clear as to which auth flows are supported
Issue #72
closed
e.g. Authorization Code Flow, Implicit Flow, Hybrid Flow. We should be explicit as to what we support.
Comments (10)
-
reporter We discussed on the call that I will make a pull request with a clarification.
-
- changed status to open
Just waiting for a pull request.
-
Please provide the location where this should be fixed or updated.
-
reporter Actually I think it's a bit clearer now:
shall require the response_type values code id_token or code id_token token;
shall return ID Token as a detached signature to the authorization response;
shall include state hash, s_hash, in the ID Token to protect the state value;
I think we can close this.
-
Going to close this.
-
- changed status to closed
-
- changed component to Part 2: Advanced
-
- changed component to FAPI 1 – Part 2: Advanced
-
- changed component to FAPI 1: Advanced
Since we agreed that we need to have both the request and response signed, the only viable flow is the Hybrid Flow.
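A client-side check for the requirement text quoted in the thread, as an added example that is not part of the issue thread or of the specification: it accepts only the two hybrid response_type values and recomputes s_hash from the state the client sent. The function names are hypothetical, and the ID Token is assumed to have been signature-verified by a JOSE library beforehand.

```python
import base64
import hashlib
import hmac

# The two response_type values named in the requirement text (order-insensitive).
ALLOWED_RESPONSE_TYPES = {
    frozenset({"code", "id_token"}),
    frozenset({"code", "id_token", "token"}),
}
# s_hash uses the hash of the ID Token's JWS alg, like at_hash/c_hash in OIDC Core.
HASH_BY_ALG_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def response_type_allowed(response_type: str) -> bool:
    """True only for 'code id_token' or 'code id_token token', in any order."""
    parts = response_type.split()
    return len(parts) == len(set(parts)) and frozenset(parts) in ALLOWED_RESPONSE_TYPES


def compute_s_hash(state: str, alg: str) -> str:
    """Unpadded base64url of the left-most half of hash(state)."""
    hash_fn = HASH_BY_ALG_SUFFIX.get(alg[-3:])
    if hash_fn is None:  # rejects "none" and anything without a SHA-2 suffix
        raise ValueError(f"unsupported ID Token alg: {alg!r}")
    digest = hash_fn(state.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[: len(digest) // 2]).rstrip(b"=").decode()


def check_hybrid_response(sent_state, response_params, id_token_alg, id_token_claims):
    """Return a list of problems (empty means the checks passed).

    Assumption: signature, iss, aud, exp and nonce of the ID Token were already
    validated by a JOSE library; only the checks from the quoted text run here.
    """
    problems = []
    if not response_params.get("code") or not response_params.get("id_token"):
        problems.append("response lacks code or id_token (not a hybrid flow response)")
    s_hash = id_token_claims.get("s_hash")
    if not isinstance(s_hash, str):
        problems.append("ID Token has no s_hash claim")
    elif not hmac.compare_digest(
        s_hash.encode(), compute_s_hash(sent_state, id_token_alg).encode()
    ):
        problems.append("s_hash does not match the state this client sent")
    return problems


if __name__ == "__main__":
    state = "af0ifjsldkj"  # constructed sample value
    claims = {"s_hash": compute_s_hash(state, "PS256")}  # constructed ID Token claims
    print(check_hybrid_response(state, {"code": "c", "id_token": "jwt"}, "PS256", claims))
```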