This may be too late to suggest, but I'm feeling that
hint_type request parameters would be better than having a different request parameter per hint type.
The current spec has three request parameters,
login_hint. They represent hints and they must not coexist in a backchannel authentication request.
My suggestion is to abolish the three request parameters and define new
hint_type request parameters as follows:
||An arbitrary string. Its format depends on
By adopting this style, we can:
- make it easy for implementations to ensure that multiple hints are not included in a backchannel authentication request,
- get flexibility in defining and adding hint types,
- avoid adding a new request parameter every time a new hint type is invented in the future, and
- move detailed hint-type-specific descriptions to another section or to other separate spec documents.
See also my comment added to Issue
#71 (CIBA hint validation clarification).
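
Added example, not part of the original comment or of the CIBA spec: a server-side check that a form-encoded backchannel authentication request carries exactly one hint, written once for the three per-type parameters and once for the proposed style. The `hint` parameter name, the `hint_type` values and the format checks are assumptions made for illustration; the three existing parameter names are taken from CIBA Core.

```python
from urllib.parse import parse_qs

# Hint parameters in the current style (names from CIBA Core).
CURRENT_HINT_PARAMS = ("login_hint_token", "id_token_hint", "login_hint")

# Hypothetical registry for the proposed style: hint_type value -> format check.
# New hint types are added here instead of as new request parameters.
HINT_TYPE_CHECKS = {
    "login_hint": lambda v: len(v) > 0,
    "login_hint_token": lambda v: len(v) > 0,
    "id_token_hint": lambda v: v.count(".") == 2,  # compact JWS shape only
}

ERR = "invalid_request"


def validate_current(body):
    """Current style: exactly one of three parameters, given exactly once."""
    q = parse_qs(body)
    present = [p for p in CURRENT_HINT_PARAMS if p in q]
    # Every new hint type means another name in CURRENT_HINT_PARAMS, and a
    # server that forgets to add it silently accepts coexisting hints.
    if len(present) != 1 or len(q[present[0]]) != 1:
        return None, ERR
    return (present[0], q[present[0]][0]), None


def validate_proposed(body):
    """Proposed style: one hint_type plus one hint (assumed parameter name)."""
    q = parse_qs(body)
    for name in ("hint_type", "hint"):
        if len(q.get(name, [])) != 1:  # missing or repeated parameter
            return None, ERR
    hint_type, hint = q["hint_type"][0], q["hint"][0]
    check = HINT_TYPE_CHECKS.get(hint_type)
    if check is None or not check(hint):  # unknown type or malformed value
        return None, ERR
    return (hint_type, hint), None


# Constructed sample requests.
ONE_HINT = "scope=openid&login_hint=alice%40example.com"
TWO_HINTS = ONE_HINT + "&id_token_hint=aaa.bbb.ccc"
PROPOSED_OK = "scope=openid&hint_type=login_hint&hint=alice%40example.com"
PROPOSED_REPEATED = PROPOSED_OK + "&hint=bob%40example.com"
PROPOSED_UNKNOWN = "scope=openid&hint_type=made_up_type&hint=x"
```
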