[Openid-specs-ab] [openid/connect] specific response types need to be used in place of "implicit flow" and "code flow" (issue #648)

Brian Campbell issues-reply at bitbucket.org
Tue Sep 4 18:40:17 UTC 2012


--- you can reply above this line ---

New issue 648: specific response types need to be used in place of "implicit flow" and "code flow"
https://bitbucket.org/openid/connect/issue/648/specific-response-types-need-to-be-used-in

Brian Campbell:

The terms "implicit flow" and "code flow" are not defined anywhere in the Connect specs and the way they are defined/used in OAuth doesn't really match up with how they are used in Connect. 

There are some required behaviors now based on the flow being used but there seems to be quite a bit of ambiguity on what the flows really mean. It would be preferable to explicitly state the response type(s) that impact such requirements rather than using the loose terms of implicit and code flow.  

This thread is one example of the confusion/ambiguity:
http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20120903/002350.html


--

This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.


More information about the Openid-specs-ab mailing list