[Openid-specs-fapi] What does "When a pure OAuth 2.0 is used" mean? (Part 2 / 7.3 / 6 / the 3rd item)
daru.tk at gmail.com
Thu Feb 8 18:08:15 UTC 2018
Sorry, I understood that. A new item added to FAPI Part 2 requires *"all
parameters are present inside the signed request object"*. If a request
object includes all request parameters, the authorization server can judge
whether the request (represented by the request object) is a pure OAuth 2.0
request or not.
2018-02-09 0:40 GMT+09:00 Takahiko Kawasaki <daru.tk at gmail.com>:
> *> FAPI Part 2, 7.3 Successful response, 6, the 3rd item:*
> *> iss : A JSON string that represents the issuer identifier of the
> authorization server as defined in RFC7519. When a pure OAuth 2.0 is used,
> the value is the redirection URI. When OpenID Connect is used, the value is
> the issuer value of the authorization server.*
> What does *"When a pure OAuth 2.0 is used"* mean? Does it mean *"when the
> request object registration request is a pure OAuth 2.0 request"*? Or
> does it mean *"when the authorization server is configured as a pure
> OAuth 2.0 server"*? Or else?
> In addition, regarding *"the value is the redirection URI"*, how can the
> authorization server determine the redirection URI when multiple
> redirection URIs are registered?
> Likewise, what does *"When OpenID Connect is used"* mean?
> Best Regards,
> Takahiko Kawasaki
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi