The response_type of the example includes id_token and it is the reason I've brought it up. id_token triggers Authentication Request.
# The response_type in the example in Appendix A <http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#FragmentExample> does not include id_token and so I've not mentioned it. Best, Taka 2017-06-26 17:09 GMT+09:00 Philippe Signoret < philippe.signo...@microsoft.com>: > scope=openid is required for OpenID Connect Authentication Requests (e.g. > "3.3.2.1. Authentication Request > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html%23HybridAuthRequest&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=HO6gAigTdBjgxOhsS41bKLbbl1cUyUugvXBjJ4hwmKE%3D&reserved=0>" > in "OpenID Connect Core 1.0 > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=FrFLKpyHVfZbRw1OsOs7QH%2F2bSrJbJluKnny0X%2FiJxw%3D&reserved=0>"), > but not for an OAuth 2.0 Authorization Request (e.g. "4.1.1. > Authorization Request <https://tools.ietf.org/html/rfc6749#section-4.1.1>" > in "RFC6749 The OAuth 2.0 Authorization Framework > <https://tools.ietf.org/html/rfc6749>"). > > > > OpenID Connect is “an identity layer on top of the OAuth 2.0 protocol”. > OpenID Connect specs will often refer to aspects of the OAuth 2.0 protocol, > but the OAuth 2.0 specs will generally not refer to the OpenID Connect > constructs. (Because OpenID Connect is a specific case of OAuth 2.0.) > > > > Philippe > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Takahiko > Kawasaki > *Sent:* Monday, June 26, 2017 7:46 AM > *To:* oauth@ietf.org > *Subject:* [OAUTH-WG] Example in OAuth 2.0 Multiple Response Type > Encoding Practices > > > > Hello, > > > > I'm not so sure that this is the right place to ask, but I'm wondering > whether it is correct or not that the following non-normative example found > in "5. Definitions of Multi-Valued Response Type Combinations > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Foauth-v2-multiple-response-types-1_0.html%23Combinations&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=A2%2F5R%2FFDSMUN8lthoex%2BAnF3h%2FouQHjXBPhW3Yv5D7M%3D&reserved=0>" > in "OAuth 2.0 Multiple Response Type Encoding Practices > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Foauth-v2-multiple-response-types-1_0.html&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=oax1ui3n46P2n67Mqx14t0458TZjrcw9IUsdCoGsmho%3D&reserved=0>" > does not include "scope=openid". > > > > GET /authorize? > > response_type=id_token%20token > > &client_id=s6BhdRkqt3 > > &redirect_uri=https%3A%2F%2Fclient.example.org > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2F2Fclient.example.org&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=%2BaCAvhV9qt75Cqajdrr84BVG6MRS3747Ux5CsjJtgQE%3D&reserved=0>%2Fcb > > &state=af0ifjsldkj HTTP/1.1 > > Host: server.example.com > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fserver.example.com&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=PoXzHooKqVnYx4pzWD%2B4THUElRZjsUC2TNdMlTrhfiY%3D&reserved=0> > > > > The reason I'm wondering is that "3.3.2.1. Authentication Request > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html%23HybridAuthRequest&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=HO6gAigTdBjgxOhsS41bKLbbl1cUyUugvXBjJ4hwmKE%3D&reserved=0>" > in "OpenID Connect Core 1.0 > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=FrFLKpyHVfZbRw1OsOs7QH%2F2bSrJbJluKnny0X%2FiJxw%3D&reserved=0>" > requires Authentication Requests be made as defined in "3.1.2.1. > Authentication Request > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html%23AuthRequest&data=02%7C01%7CPhilippe.Signoret%40microsoft.com%7C7ae0944f524d4655cb6c08d4bc56b163%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636340527913704845&sdata=WoKMDXrFJDmvaGHGY8ry8Nn7iG5qliNjqNw8UamnHHg%3D&reserved=0>" > and "3.1.2.1" requires the scope request parameter contain openid. > > > > > > Best Regards, > > Takahiko Kawasaki > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
