[Openid-specs-ab] A read of Multiple Response Type Encoding Practices

Mike Jones Michael.Jones at microsoft.com
Wed Dec 18 04:55:47 UTC 2013

Thanks, Brian.  These comments are now reflected in the drafts at http://openid.bitbucket.org/ - specifically, http://openid.bitbucket.org/oauth-v2-multiple-response-types-1_0.html and http://openid.bitbucket.org/oauth-v2-form-post-response-mode-1_0.html.

                                                            -- Mike

From: Brian Campbell [mailto:bcampbell at pingidentity.com]
Sent: Wednesday, October 23, 2013 10:24 AM
To: Mike Jones
Subject: A read of Multiple Response Type Encoding Practices

I did read it, draft 10 I think, on the flight out here and jotted down a few notes offline which I'd forgotten to share with you. Until now, so here they are:

--> "form_post: In this mode, response parameters are encoded as HTML form values that are auto-submitted in the user-agent, and thus are transmitted via the HTTP POST method to the client, with the result parameters being encoded in the response body using the "application/x-www-form-urlencoded" format." --> Shouldn't that say request body in the last sentence?

--> "Note that it is expected that additional Response Modes may be defined by other specifications in the future, including possibly postMessage and CORS." --> could use some more explanation or qualification. This, to me, reads like postMessage/CORS would be the actual parameter value but I don't think that was intended. Also neither thing is defined anywhere. Maybe just something like, "..., including possibly utilizing the JavaScript postMessage API or Cross-origin resource sharing (CORS)"

--> "The all parameters returned from the Authorization Endpoint SHOULD use the same Response Mode. This recommendation applies to both success and error responses." --> typo "the"?
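
Added example, not part of the original messages or of the specification text: a Python sketch of the form_post flow quoted above, showing that the client reads the parameters from the body of the POST request it receives. The function names, the sample values and the onload auto-submit are assumptions made for illustration.

```python
import hmac
import html
from urllib.parse import parse_qs

FORM_TYPE = "application/x-www-form-urlencoded"

def render_form_post(redirect_uri, params):
    """Authorization server side: page whose form auto-submits to the client.
    Every value is HTML-escaped so a parameter cannot break out of its attribute."""
    inputs = "\n".join(
        '<input type="hidden" name="%s" value="%s"/>'
        % (html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in params.items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">\n'
        '<form method="post" action="%s">\n%s\n</form></body></html>'
        % (html.escape(redirect_uri, quote=True), inputs)
    )

def parse_form_post(content_type, body, expected_state):
    """Client side: the parameters arrive in the body of the POST *request*."""
    if content_type.split(";")[0].strip().lower() != FORM_TYPE:
        raise ValueError("unexpected Content-Type")
    fields = parse_qs(body.decode("ascii"), strict_parsing=True)
    # A repeated parameter is ambiguous, so reject it instead of picking one.
    if any(len(values) != 1 for values in fields.values()):
        raise ValueError("duplicate parameter")
    result = {name: values[0] for name, values in fields.items()}
    # Bind the response to the request this client sent (constant-time compare).
    state = result.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return result

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread or the drafts.
    page = render_form_post(
        "https://client.example.org/callback",
        {"code": "constructed-code-123", "state": "constructed-state-456"},
    )
    print(page)
    body = b"code=constructed-code-123&state=constructed-state-456"
    print(parse_form_post(FORM_TYPE, body, "constructed-state-456"))
```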