[Openid-specs-mobile-profile] Issue #98: Backchannel authentication endpoint is not an extension of authorization endpoint (openid/mobile)
issues-reply at bitbucket.org
Thu Oct 18 18:28:14 UTC 2018
New issue 98: Backchannel authentication endpoint is not an extension of authorization endpoint
"3. Authentication Request" in "OpenID Connect MODRNA Authentication Profile 1.0" starts with a paragraph shown below.
> MODRNA supports all request parameters as specified in OpenID Connect Core 18.104.22.168 [OpenID.Core].
However, some parameters in OIDC Core 22.214.171.124 are apparently meaningless/impossible to support at a backchannel authentication endpoint. For example, redirect_uri, response_mode, display and ui_locales.
Some request parameters have the same names, but a backchannel authentication endpoint should be treated as an utterly different thing from an authorization endpoint.
So, the first paragraph of "3. Authentication Request" should be modified or completely removed. It would be better to list all request parameters for a backchannel authentication endpoint explicitly even if it may sound redundant than to say "MODRNA supports all request parameters as specified in OpenID Connect Core 126.96.36.199."
More information about the Openid-specs-mobile-profile