Per https://openid.net/specs/openid-connect-core-1_0.html
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0
protocol. It enables Clients to verify the identity of the End-User based
on the authentication performed by an Authorization Server, as well as to
obtain basic profile i
On Thu, Aug 10, 2023 at 4:30 PM Hans Zandbelt
wrote:
> On Thu, Aug 10, 2023 at 9:40 PM George Fletcher 40capitalone@dmarc.ietf.org> wrote:
>
>> Hi Matthias,
>>
>> First, OAuth is about authorization and NOT authentication. If you are
>> concerned with Authentication then this thread should m
I get your points, but still let me ask a stupid question:
Even if (and I can follow your arguments why) it is in general out of
scope, why couldn't it be included into OAuth to avoid such issues at
the core layer that other software is relaying on?
I mean: Of course in a perfect world the au
On Thu, Aug 10, 2023 at 9:40 PM George Fletcher wrote:
> Hi Matthias,
>
> First, OAuth is about authorization and NOT authentication. If you are
> concerned with Authentication then this thread should move to the OpenID
> Connect working group mailing list :)
>
Allow me to set the public record
Hi Matthias,
First, OAuth is about authorization and NOT authentication. If you are
concerned with Authentication then this thread should move to the OpenID
Connect working group mailing list :)
Second, if I'm understanding the problem correctly, the issue is NOT with
OAuth (the protocol) or the