[Openid-specs-igov] Assurance Profile for OAuth or OIDC

Phil Hunt phil.hunt at oracle.com
Wed Oct 4 22:27:25 UTC 2017


For the draft openid-igov-oauth2, I am finding it confusing because the examples are all OIDC based rather than OAuth2 as per the document title.  

For example, Section 2.1.1 talks about using the “state" parameter and then uses an OIDC example without a state parameter but with “nonce" instead.

Is the intent to cover OIDC and plain OAuth or both?  Or should the draft be entitled Profile for OIDC?

Perhaps some more explanatory text and/or examples for both types should be included?

Regards,

Phil

Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-igov/attachments/20171004/d4d5c31d/attachment.html>


More information about the Openid-specs-igov mailing list