As for the plus encoding we can choose another char or give an example. On Jul 11, 2011, at 18:07, "Marius Scurtescu" <mscurte...@google.com> wrote:
> If I read section 8.4 correctly it seems that new response types can > be defined but composite values must be registered explicitly. > > I don't think this approach scales too well. OpenID Connect for > example is adding a new response type: id_token. > > id_token can be combined with either code or token and potentially > with both of them, the following combinations must be registered as a > result: > code+id_token > token+id_token > code+token+id_token > > and this assumes that code+token is already registered. > > I think it makes more sense to define response_type as a space > separated list of items, where each item can be individually > registered. I do realize that this complicates things quite a bit (not > we have to define and deal with both composite response_type and the > individual items). > > As a side note, using + as separator could cause lots of problems. If > people naively type "code+toke" it will be decoded as "code token". No > one will remember the hex code for +. > > Marius > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
