types of several values in Authentication Request not defined
Issue #208
new
In this section:
The types for several values seem to be left unstated. This probably doesn’t matter too much in unsigned requests, but does matter in signed requests.
For example, login_hint
is presumably intended to be a string value. (The draft Brazil CIBA spec appears to define it as a JSON object instead.)
Comments (4)
-
-
-
assigned issue to
-
assigned issue to
-
reporter Ahhh. Thanks Brian. I completely missed that part when I was trying to figure this out. That makes the behaviour very clear, thanks. As you hint at it might be good to have It clearer in the previous section perhaps, perhaps we can consider that if there’s an errata version.
-
- changed milestone to Errata
- Log in to comment
Admittedly it’s not spec'd out in the best way but the next section 7.1.1. Signed Authentication Request makes it pretty clear that
login_hint
would be a string.https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1.1