[Openid-specs-mobile-profile] Issue #98: Backchannel authentication endpoint is not an extension of authorization endpoint (openid/mobile)

Takahiko Kawasaki issues-reply at bitbucket.org
Thu Oct 18 18:28:14 UTC 2018


New issue 98: Backchannel authentication endpoint is not an extension of authorization endpoint
https://bitbucket.org/openid/mobile/issues/98/backchannel-authentication-endpoint-is-not

Takahiko Kawasaki:

"3. Authentication Request" in "OpenID Connect MODRNA Authentication Profile 1.0" starts with the paragraph shown below.

> MODRNA supports all request parameters as specified in OpenID Connect Core 3.1.2.1 [OpenID.Core].

However, some parameters in OIDC Core 3.1.2.1 are apparently meaningless/impossible to support at a backchannel authentication endpoint, for example, redirect_uri, response_mode, display and ui_locales.

Some request parameters have the same names, but a backchannel authentication endpoint should be treated as an utterly different thing from an authorization endpoint.

So, the first paragraph of "3. Authentication Request" should be modified or completely removed. It would be better to list all request parameters for a backchannel authentication endpoint explicitly even if it may sound redundant than to say "MODRNA supports all request parameters as specified in OpenID Connect Core 3.1.2.1."



