[Openid-specs-ab] Safe response_type for use with form_post response mode

Pedro Felix pmhsfelix at gmail.com
Tue Jun 24 15:38:07 UTC 2014


It is not clear to me what are the safe response_type values (e.g. "code
id_token", "id_token token")  that can be used with the form_post response

The "oauth-v2-multiple-response-types-1_0" defines the safe response modes
for each combination, but only considers query and fragment modes (as it

On the other hand, the "oauth-v2-form-post-response-mode-1_0" is not clear
about this issue, except for this sentence

   "In particular, it is safe to return Authorization Response parameters
whose default Response
    Modes are the query encoding or the fragment encoding using the
form_post Response Mode"

Does this mean that form_post response mode is safe for *any* response
type, since the defaults are always either query or fragment?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140624/85f74271/attachment.html>

More information about the Openid-specs-ab mailing list