[Openid-specs-ab] [openid/connect] Messages 2.1.2.1 and Standard 2.3.1.2 - Inconsistent treatment of OAuth parameters in OpenID request message (issue #575)

Michael Jones issues-reply at bitbucket.org
Thu Apr 19 13:05:04 UTC 2012


--- you can reply above this line ---

New issue 575: Messages 2.1.2.1 and Standard 2.3.1.2 - Inconsistent treatment of OAuth parameters in OpenID request message
https://bitbucket.org/openid/connect/issue/575/messages-2121-and-standard-2312

Michael Jones / mbj on Thu, 19 Apr 2012 15:05:04 +0200:

As reported by Vladimir Dzhuvinov, http://openid.net/specs/openid-connect-standard-1_0-09.html#req_param_method says

"All [...] parameters MUST also be JSON Serialized into the OpenID Request Object with the same values."

whereas http://openid.net/specs/openid-connect-messages-1_0-09.html#OpenID_Request_Object says

"If the same parameters are present both in the Authorization Request and in the OpenID Request Object, the latter takes precedence."

This is both inconsistent and confusing.


--

This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.


More information about the Openid-specs-ab mailing list