[Openid-specs-fapi] What does "When a pure OAuth 2.0 is used" mean? (Part 2 / 7.3 / 6 / the 3rd item)

Takahiko Kawasaki daru.tk at gmail.com
Thu Feb 8 15:40:17 UTC 2018


*> FAPI Part 2, 7.3 Successful response, 6, the 3rd item:*
*> iss : A JSON string that represents the issuer identifier of the
authorization server as defined in RFC7519. When a pure OAuth 2.0 is used,
the value is the redirection URI. When OpenID Connect is used, the value is
the issuer value of the authorization server.*

What does *"When a pure OAuth 2.0 is used"* mean? Does it mean *"when the
request object registration request is a pure OAuth 2.0 request"*? Or does
it mean *"when the authorization server is configured as a pure OAuth 2.0
server"*? Or else?

In addition, regarding *"the value is the redirection URI"*, how can the
authorization server determine the redirection URI when multiple
redirection URIs are registered?

Likewise, what does *"When OpenID Connect is used"* mean?

Best Regards,
Takahiko Kawasaki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180209/04166df0/attachment.html>

More information about the Openid-specs-fapi mailing list