Hello, I'm not so sure that this is the right place to ask, but I'm wondering whether it is correct or not that the following non-normative example found in "5. Definitions of Multi-Valued Response Type Combinations <http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations>" in "OAuth 2.0 Multiple Response Type Encoding Practices <http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>" does not include "scope=openid".

    GET /authorize?
      response_type=id_token%20token
      &client_id=s6BhdRkqt3
      &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
      &state=af0ifjsldkj HTTP/1.1
    Host: server.example.com

The reason I'm wondering is that "3.3.2.1. Authentication Request <http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest>" in "OpenID Connect Core 1.0 <http://openid.net/specs/openid-connect-core-1_0.html>" requires Authentication Requests be made as defined in "3.1.2.1. Authentication Request <http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>" and "3.1.2.1" requires the scope request parameter contain openid.

Best Regards,
Takahiko Kawasaki
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
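
Added example, not part of the original message or of either specification: a Python check that applies the rule the message cites from section 3.1.2.1 (scope must contain openid) to the quoted request. Treating any request whose response_type includes id_token as an Authentication Request is an assumption of this example, and the function names and the one-line form of the request are constructed here.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed input: the request quoted in the message, joined onto one line.
SAMPLE_REQUEST = (
    "GET /authorize?response_type=id_token%20token"
    "&client_id=s6BhdRkqt3"
    "&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb"
    "&state=af0ifjsldkj HTTP/1.1"
)


def space_delimited(value):
    """Split a space-delimited parameter value into a set of tokens."""
    return {token for token in value.split(" ") if token}


def check_auth_request(request_line):
    """Return a list of findings for one authorization request line."""
    _method, target, _version = request_line.split(" ", 2)
    # parse_qs percent-decodes, so %20 in response_type becomes a space.
    raw = parse_qs(urlsplit(target).query, keep_blank_values=True)

    # RFC 6749 section 3.1: parameters must not be included more than once.
    findings = [
        f"parameter sent more than once: {name}"
        for name, values in raw.items()
        if len(values) > 1
    ]
    params = {name: values[0] for name, values in raw.items()}

    # Both values are space-delimited and compared case-sensitively.
    response_types = space_delimited(params.get("response_type", ""))
    scopes = space_delimited(params.get("scope", ""))

    # Assumption of this example: asking for an ID Token makes the request
    # an OpenID Connect Authentication Request, so 3.1.2.1 applies.
    if "id_token" in response_types and "openid" not in scopes:
        findings.append("response_type includes id_token but scope lacks openid")
    return findings


if __name__ == "__main__":
    for finding in check_auth_request(SAMPLE_REQUEST):
        print(finding)
```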