Hi OAuthers,

My apologies if you already discussed this.

When an OAuth server receives an unknown response_type, how should the server handle the error?

1. Show the error to the user without redirecting back to the client
2. Redirect back to the client including the error in the query
3. Redirect back to the client including the error in the fragment

Since choosing 2 or 3 is impossible in this case, 1 seems reasonable to me.

--
nov

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
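
The three options from the message above, as an added example that is not part of the original post: a hypothetical authorization-endpoint helper that puts errors in the query for `code`, in the fragment for `token`, and falls back to option 1 when the response_type is unknown. The function name, the supported types, the registered-URI check and the sample client URI are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the response types this hypothetical server supports, and the
# part of the redirect URI each one uses to carry error parameters.
ERROR_CHANNEL = {"code": "query", "token": "fragment"}


def report_error(params, registered_uris, error):
    """Return ("display", message) or ("redirect", url) for an
    authorization-endpoint error."""
    redirect_uri = params.get("redirect_uri")
    if redirect_uri not in registered_uris:
        # Never send the user agent to a URI the client did not register.
        return ("display", "invalid redirect_uri")

    channel = ERROR_CHANNEL.get(params.get("response_type"))
    if channel is None:
        # Unknown response_type: nothing tells the server whether the client
        # reads the query or the fragment, so show the error locally (option 1).
        return ("display", "unsupported response_type")

    payload = {"error": error}
    if "state" in params:
        payload["state"] = params["state"]  # lets the client match the reply

    parts = urlsplit(redirect_uri)
    if channel == "query":
        # Option 2: append to any query the registered URI already carries.
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        pairs += list(payload.items())
        return ("redirect", urlunsplit(parts._replace(query=urlencode(pairs))))
    # Option 3: error parameters travel in the fragment.
    return ("redirect", urlunsplit(parts._replace(fragment=urlencode(payload))))


if __name__ == "__main__":
    # Constructed sample requests, not taken from the thread.
    uris = {"https://client.example/cb?tenant=1"}
    base = {"redirect_uri": "https://client.example/cb?tenant=1", "state": "s 1"}
    for rt in ("code", "token", "bogus"):
        print(rt, report_error({**base, "response_type": rt}, uris, "access_denied"))
```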