language in token response may appears to override iidcc

Comments (6)

1. 

   Dave Tonge

   This isn't deliberate. Are you sure it could be misread the way you are saying?

   The language in OIDC 3.1.3.3 is:

   After receiving and validating a valid and authorized Token Request from the Client, the Authorization Server returns a successful response that includes an ID Token and an Access Token. The parameters in the successful response are defined in Section 4.1.4 of OAuth 2.0 [RFC6749]. The response uses the application/json media type.

   I'm not sure how we could word it differently? But open to suggestions

   • 2018-12-14T13:27:04+00:00
2. 

   Dave Tonge

   • changed milestone to CIBA Post-Implementer's Draft

   • 2018-12-14T13:35:59+00:00
3. 

   Joseph Heenan reporter

   The simplest change would be :

   the OpenID Provider returns a successful response as specified in Section 3.1.3.3 of [OpenID.Core].

   (The issue in the current language is it’s not clear if the 3.1.3.3 language refers to the whole response or just the refresh token.)

   • 2018-12-14T13:43:21+00:00
4. 

   Brian Campbell

   • changed milestone to CIBA Implementer's Draft

   • 2018-12-14T20:12:03+00:00
5. 

   Brian Campbell

   • changed status to resolved

   afc5e6c goes with the simplest change as suggested

   • 2018-12-14T20:12:33+00:00
6. 

   Joseph Heenan reporter

   Looks good to me - thanks Brian!

   • 2018-12-14T20:30:40+00:00
7. Log in to comment