[Openid-specs-ab] Lite Draft 8
allentomdude at gmail.com
Mon Aug 15 21:42:43 UTC 2011
Thanks for revising the OpenID Connect Lite spec!
Section 2 says that the id_token should be considered opaque, and that RPs
should consult the full Connect spec if they want to process the id_token.
If this is the case, perhaps the id_token should be removed from the Lite
In Section 3, should the example with the multiple scopes use commas to
separate the values?
In Section 3.2.1, it would be helpful to define the example values for scope
(profile, email, address), display (none, touch, mobile), and prompt (login,
Sections 3.2 and 18.104.22.168 - should make it clear that in the implicit flow,
the access token is returned only in the fragment portion of the response.
Sections 3.3, 3.3.1 and 3.3.2 can be removed if id_tokens are removed from
the Lite spec.
Section 4.2 - probably would be useful to specify the resolution and/or
aspect ratio of the profile picture. Here's an example from the Twitter API:
Facebook also has a similar interface to specify the size of the profile
On Thu, Aug 11, 2011 at 11:57 AM, John Bradley <ve7jtb at ve7jtb.com> wrote:
> Updated lite.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab