[Openid-specs-ab] Is it SHOULD or MUST?

Brian Campbell bcampbell at pingidentity.com
Tue Jun 4 15:12:25 UTC 2013


I've also got a draft of a POST style response type, FWIW.

It shouldn't be a MUST.  But SHOULD probably isn't right either.  Response
types are terribly confusing (we often use text like "includes the string"
which is convenient but not technically correct) but that ship has sailed.

What I'm suggesting is that OAuth 2.0 Multiple Response Type Encoding
Practices deal with the response type situation. Any normative language in
the other docs is likely only to cause inconsistencies or other problems.


On Tue, Jun 4, 2013 at 9:04 AM, John Bradley <ve7jtb at ve7jtb.com> wrote:

> It was left open to allow a POST message response to be defined in Future.
>  Google has a draft for that but it has not been advanced yet.   So no to
> MUST.
>
> Sent from my iPhone
>
> On 2013-06-04, at 4:28 PM, Brian Campbell <bcampbell at pingidentity.com>
> wrote:
>
> One way or the other it should match up to OAuth 2.0 Multiple Response
> Type Encoding Practices so as not to have inconsistencies in the spec
> suite.
>
> It's maybe better to not have a MUST or SHOULD here at all.
>
>
> On Sat, Jun 1, 2013 at 7:09 PM, Nat Sakimura <sakimura at gmail.com> wrote:
>
>> In the 2nd paragraph of
>> 2.2.6.1.  End-User Grants Authorization
>> of Standard, it states:
>>
>> Note that if the response_type parameter in the Authorization Request
>> includes the string value token or id_token, all response parameters
>> SHOULD be added to the fragment component of the redirection URI.
>> Otherwise, the response parameters are added to the query component of the
>> redirection URI.
>>
>> Is it SHOULD? Is it not MUST?
>> SHOULD means that it can be sent otherwise, e.g., as query string.
>>
>> --
>> Nat Sakimura (=nat)
>> Chairman, OpenID Foundation
>> http://nat.sakimura.org/
>> @_nat_en
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/54e9986b/attachment-0001.html>


More information about the Openid-specs-ab mailing list