[Openid-specs-ab] proposed POST response type for OAuth/Connect

Brian Campbell bcampbell at pingidentity.com
Thu Oct 17 15:56:03 UTC 2013

As discussed during today's call [1], attached is the pseudo-standard
document I wrote up earlier this year describing an HTTP POST response type
(effectively a POST binding) for OAuth/OIDC.

I know everyone has a lot of docs to read right now but this one is *very*
short and has a good example.

We've found this approach to work well in practice and be easy to implement.

It can be done as a straight extension, as illustrated with this doc, or
could incorporated into core connect.

As John mentioned, the main drawback of this approach is proliferation of
the Response Types registry. Which is kind of ugly but something that no
one will care much about once it's done. It's also more of a consequence of
the response type constructs put forth by OAuth than it is with this
particular extension.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131017/9eb8ca70/attachment-0002.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131017/9eb8ca70/attachment-0003.html>

More information about the Openid-specs-ab mailing list