[Openid-specs-ab] Lite Draft 8

Allen Tom allentomdude at gmail.com
Mon Aug 15 21:42:43 UTC 2011

Hi John,

Thanks for revising the OpenID Connect Lite spec!

Some feedback:

Section 2 says that the id_token should be considered opaque, and that RPs
should consult the full Connect spec if they want to process the id_token.
If this is the case, perhaps the id_token should be removed from the Lite

In Section 3, should the example with the multiple scopes use commas to
separate the values?

In Section 3.2.1, it would be helpful to define the example values for scope
(profile, email, address), display (none, touch, mobile), and prompt (login,
consent, select_account).

Sections 3.2 and - should make it clear that in the implicit flow,
the access token is returned only in the fragment portion of the response.

Sections 3.3, 3.3.1 and 3.3.2 can be removed if id_tokens are removed from
the Lite spec.

Section 4.2 - probably would be useful to specify the resolution and/or
aspect ratio of the profile picture. Here's an example from the Twitter API:



Facebook also has a similar interface to specify the size of the profile



On Thu, Aug 11, 2011 at 11:57 AM, John Bradley <ve7jtb at ve7jtb.com> wrote:

> Updated lite.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110815/24f3125e/attachment.html>

More information about the Openid-specs-ab mailing list