[Openid-specs-ab] Issue #985: Use Bearer in token_type in Implicit Flow response example (openid/connect)

Iván Perdomo issues-reply at bitbucket.org
Thu Sep 17 08:24:15 UTC 2015


New issue 985: Use Bearer in token_type in Implicit Flow response example
https://bitbucket.org/openid/connect/issues/985/use-bearer-in-token_type-in-implicit-flow

Iván Perdomo:

The section "Successful Token Response" (http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse) states that the `token_type` **MUST** be **Bearer** as specified in OAuth 2.0 Bearer Token Usage [RFC6750]. However, there is another example that uses **bearer** in `token_type`. See section 3.2.2.5 "Successful Authentication Response" (http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse).

      HTTP/1.1 302 Found
      Location: https://client.example.org/cb#
        access_token=SlAV32hkKG
        &token_type=bearer
        &id_token=eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso
        &expires_in=3600
        &state=af0ifjsldkj


That example does not follow RFC6750.
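
Added example, not part of the original issue or of the specification: a client-side check of the Implicit Flow response shown above that reports the `token_type` spelling. By default it accepts any casing, because RFC 6749 section 5.1 defines the `token_type` value as case insensitive; the function names, the `strictCase` option and the result shape are assumptions made for this illustration.

```javascript
// Added example. Function names, option names and the result shape are
// assumptions for this illustration, not part of any OpenID Connect library.

// Constructed input: the redirect from the example above joined onto one line,
// with a placeholder where the original elides the id_token.
const SAMPLE_LOCATION =
  "https://client.example.org/cb#access_token=SlAV32hkKG&token_type=bearer" +
  "&id_token=PLACEHOLDER&expires_in=3600&state=af0ifjsldkj";

// Split the fragment into parameters, refusing duplicates so that two
// components cannot disagree about which value is in effect.
function parseFragment(location) {
  const hash = location.indexOf("#");
  if (hash === -1) throw new Error("redirect has no fragment");
  const out = Object.create(null); // no inherited keys such as "constructor"
  for (const [k, v] of new URLSearchParams(location.slice(hash + 1))) {
    if (k in out) throw new Error("duplicate parameter: " + k);
    out[k] = v;
  }
  return out;
}

// Validate the parameters a client checks before using the tokens.
// strictCase=false follows RFC 6749 section 5.1 (token_type value is case
// insensitive); strictCase=true models a client comparing against "Bearer".
function validateImplicitResponse(location, expectedState, { strictCase = false } = {}) {
  const p = parseFragment(location);
  const errors = [];
  const warnings = [];
  if (p.state !== expectedState) errors.push("state mismatch");
  if (!p.id_token) errors.push("id_token missing");
  if (p.access_token !== undefined) {
    const t = p.token_type;
    if (t === undefined) {
      errors.push("token_type missing");
    } else if (t.toLowerCase() !== "bearer") {
      errors.push("unsupported token_type: " + t);
    } else if (t !== "Bearer") {
      (strictCase ? errors : warnings).push("token_type spelled '" + t + "' instead of 'Bearer'");
    }
  }
  return { ok: errors.length === 0, errors, warnings };
}
```

With `strictCase` left off the sample is accepted with one warning; with it on, the same response is rejected, which is the interoperability cost of a client that compares against the literal `Bearer`.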



