[Openid-specs-ab] Is it SHOULD or MUST?

John Bradley ve7jtb at ve7jtb.com
Tue Jun 4 15:04:11 UTC 2013


It was left open to allow a POST message response to be defined in Future.  Google has a draft for that but it has not been advanced yet.   So no to MUST. 

Sent from my iPhone

On 2013-06-04, at 4:28 PM, Brian Campbell <bcampbell at pingidentity.com> wrote:

> One way or the other it should match up to OAuth 2.0 Multiple Response Type Encoding Practices so as not to have inconsistencies in the spec suite. 
> 
> It's maybe better to not have a MUST or SHOULD here at all.
> 
> 
> On Sat, Jun 1, 2013 at 7:09 PM, Nat Sakimura <sakimura at gmail.com> wrote:
>> In the 2nd paragraph of 
>> 2.2.6.1.  End-User Grants Authorization
>> 
>> of Standard, it states: 
>> 
>> Note that if the response_type parameter in the Authorization Request includes the string value token or id_token, all response parameters SHOULD be added to the fragment component of the redirection URI. Otherwise, the response parameters are added to the query component of the redirection URI.
>> 
>> Is it SHOULD? Is it not MUST? 
>> SHOULD means that it can be sent otherwise, e.g., as query string. 
>> 
>> -- 
>> Nat Sakimura (=nat)
>> Chairman, OpenID Foundation
>> http://nat.sakimura.org/
>> @_nat_en
>> 
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/22629685/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2915 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/22629685/attachment.p7s>


More information about the Openid-specs-ab mailing list