[Openid-specs-native-apps] AppInfo endpoint

Emily Xu exu at vmware.com
Mon Sep 29 23:01:18 UTC 2014


Thanks for your reply, John. For question number 1, I hope we can define some standard claims in the access token for better interoperability.

Another question: Section 7.2 says "To obtain application metadata information, the TA MAY make a GET or POST request to the AppInfo Endpoint.". Any reason we add POST request there?

Thanks,
Emily

From: John Bradley <ve7jtb at ve7jtb.com>
Date: Monday, September 29, 2014 12:03 PM
To: Emily Xu <exu at vmware.com>
Cc: "openid-specs-native-apps at lists.openid.net" <openid-specs-native-apps at lists.openid.net>
Subject: Re: [Openid-specs-native-apps] AppInfo endpoint

Inline
On Sep 29, 2014, at 1:23 PM, Emily Xu <exu at vmware.com> wrote:

I have a couple of questions related to NAPPS AppInfo endpoint.

1. In Section 7.2.1, it says "Access Token obtained from an OpenID Connect Authorization Request". I assume it means the access_token should contain "openid" in scope. Is it correct?

The format of access tokens issued by the Authorization endpoint for the AppInfo endpoint is unspecified, as the AppInfo endpoint and the AS are tightly related and the tokens are opaque to the client.

The Authorization request MUST have "openid" in the scopes requested.  It is however up to the AS to decide if that needs to be indicated in the access token.


2. In Section 7.2.2, it says
 "apps
REQUIRED (Array). One or more JSON objects containing claims about applications that the TA can provide tokens or web boot-stap uri for."

Any reason it must be "One or more" instead of "Zero or more"? If there are zero apps authorized for this particular user, what should the response be?

OK, good point: if there are no apps then it would be an empty array. I suspect that was a holdover from the TA validating the bundleid directly, as the TA wouldn't have had much to do with zero apps.

I will make that change.

John B.

Thanks,
Emily