[Openid-specs-ab] Review Comments on Multiple Response Types

Breno de Medeiros breno at google.com
Tue Dec 17 23:45:31 UTC 2013


None is used in marketplace scenarios where user approval is initiated by a
container simply to record approval at installation time. The app can
retrieve tokens through consentless auto approval later. It can be used in
any OAuth2 or OIDC app in this scenario.
On Dec 17, 2013 3:34 PM, "Mike Jones" <Michael.Jones at microsoft.com> wrote:

> These review comments have been applied at http://openid.bitbucket.org/.
>  Thanks, as always!  The example you suggested is now live at
> http://openid.bitbucket.org/oauth-v2-multiple-response-types-1_0.html#FragmentExample
> .
>
> 4.  I think Google uses "none" to probe whether an Authorization is still
> valid in contexts where they're not interested in an updated access token.
>  It's not used by OpenID Connect.
>
>                                 -- Mike
>
> -----Original Message-----
> From: Torsten Lodderstedt [mailto:torsten at lodderstedt.net]
> Sent: Wednesday, November 06, 2013 5:49 PM
> To: Openid-specs Ab; Mike Jones
> Subject: Review Comments on Multiple Response Types
>
> Hi Mike,
>
> here are my review comments on Multiple Response Types.
>
> regards,
> Torsten.
>
> 2.1.
>
> "For purposes of this specification, the default Response Mode for the
> OAuth 2.0 code response_type is the query encoding. For purposes of this
> specification, the default Response Mode for the OAuth 2.0 token
> response_type is the fragment encoding." - I would suggest to format code,
> token, query and fragment as key words (instead of response_type), this
> will aid the reader to map the corresponding concepts.
>
> 4. None Response Type
>
> What is this response type used for?
>
> 5.
>
> Example: I think it would make sense to show fragment encoding of a hybrid
> response type including “code”, e.g. "code id_token" in order to show the
> expected default encoding behavior if any fragment encoded artifact is
> present (as described in this section).
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131217/50dcec3d/attachment.html>


More information about the Openid-specs-ab mailing list