Hi Alex,
OAuth 2.0 doesn't forbid other params to be present in the response. If
you find such - ignore them.
https://tools.ietf.org/html/rfc6749#section-4.1.2
> The client MUST ignore unrecognized response parameters.
I have a theory why those 3 extra params (scope, authuser, prompt) are
there,
Thank you, Taka!
I will check out the referenced document.
Regards,
Sascha
On Wed., Nov. 4, 2020, 19:15 Takahiko Kawasaki, wrote:
> Hi Sascha,
>
> The change you found in the draft 04 is the change made to the JAR (JWT
> Secured Authorization Request). Now, "client_id" is mandatory. I summariz
Hi All,
While trying out the OAuth 2.0 authorization code grant type with Google, I
got the following response to my registered redirect_uri.
https://localhost:9000/app_uri?*state*=caf324471khs872&%20*code*=4/5wFzvDar86R-AJWCIE&%20*scope*=profile%20openid%20https://www.googleapis.com/auth/useri
Hi Sascha,
The change you found in the draft 04 is the change made to the JAR (JWT
Secured Authorization Request). Now, "client_id" is mandatory. I summarized
technical details about JAR in the article below. It describes the reasons
for the necessity of "client_id". PAR is mentioned there, too.
Hi all!
A while ago I implemented draft 00 of this spec:
- https://tools.ietf.org/html/draft-ietf-oauth-par-04
Now, in draft 04, I see that a request to the /authorize endpoint is
defined with client_id and request_uri. The client_id was added since draft
00 (see: https://tools.ietf.org/html/draf
The focus of the IIW session was "Mobile App Impersonation" and what can
be done about it. Obviously moving to Universal Links (iOS) and App
Links (Android) is an important first step but not sufficient on Android
as you point out. Other areas of exploration are around dynamic client
registrati
Thanks George :) That’s a shame, I would have liked to listen to the recording.
My email below was thinking of the OSW interactive sessions (we had about 2
hours of technical discussion on some of the issues with implementing app2app
in practice particularly on Android), but now I’ve looked I th