[Openid-specs-ab] Updates to the UserInfo Endpoint spec

Nat Sakimura sakimura at gmail.com
Sun Jul 3 14:44:45 UTC 2011


+1

On Sun, Jul 3, 2011 at 11:52 AM, Mike Jones <Michael.Jones at microsoft.com>wrote:

>  OAuth doesn’t define any fixed paths.  I don’t think we should either,
> other than the discovery root(s).****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> *From:* openid-specs-ab-bounces at lists.openid.net [mailto:
> openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Nat Sakimura
> *Sent:* Friday, July 01, 2011 11:06 PM
> *To:* George Fletcher
> *Cc:* openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] Updates to the UserInfo Endpoint spec****
>
> ** **
>
> Does OAuth 2 define the fixed path? I was thinking /authorize was just an
> example...****
>
> ** **
>
> =nat****
>
> On Sat, Jul 2, 2011 at 9:21 AM, George Fletcher <gffletch at aol.com> wrote:*
> ***
>
> Hi John,
>
> I'm fine with the discovery spec defining the endpoints.. I was thinking
> specifically of something like /userinfo, like the OAuth2 spec defines
> /authorize and /token path portions of the endpoint. Do we want that part
> variable on an implementation by implementation basis?
>
> Thanks,
> George****
>
>
> On 7/1/11 6:39 PM, John Bradley wrote: ****
>
> I think it is better to leave the path to the IdP.   The discovery document
> for the IdP will list the endpoint URL. ****
>
> ** **
>
> I would not assume that the host is necessarily the same as the token or
> other endpoints.****
>
> ** **
>
> John B.****
>
> On 2011-07-01, at 6:28 PM, George Fletcher wrote:****
>
>
>
> ****
>
> Hi,
>
> I updated the text regarding the UserInfo request to say that it is an
> OAuth2 protected resource supporting the Bearer Token spec. I also changed
> the SHOULD to a MUST in the response text requiring the JSON object to
> compile with the specified schema if the schema parameter requests "openid".
> Also did some clean ups in the referenced specs information.
>
> One thing I just noticed is that we don't specify the path of the UserInfo
> endpoint. Do we want to do so?
>
> Thanks,
> George ****
>
>
> <openid-connect-userinfo-1_0.html>_______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab****
>
> ** **
>
> ** **
>
> -- ****
>
> Chief Architect                   AIM:  gffletch****
>
> Identity Services Engineering     Work: george.fletcher at teamaol.com****
>
> AOL Inc.                          Home: gffletch at aol.com****
>
> Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com****
>
> Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch****
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab****
>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en****
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110703/d4e3a2bc/attachment.html>


More information about the Openid-specs-ab mailing list