Mozilla BrowserID

Allen Tom allentomdude at gmail.com
Tue Jul 19 21:07:49 UTC 2011


Hi Johannes,

At a high level, OpenID Connect implementers are expected to implement an
OAuth2 service that issues an Access Token, along with the UserInfo
webservice:

http://openid.net/specs/openid-connect-userinfo-1_0.html#anchor4

So after the user authenticates, the RP has an OAuth2 Access Token that can
be used on the UserInfo endpoint to get attributes about the user.

I believe that all the fields in the UserInfo response are optional, except
for the user's identifier. IdPs are allowed to add more fields to the
UserInfo response.

I'm not sure if it makes any sense to implement OpenID Connect Core without
the UserInfo service, so it might make sense to combine the two specs.

Allen



On Tue, Jul 19, 2011 at 9:45 AM, Johannes Ernst <jernst+openid.net@netmesh.us> wrote:

>
>
> I realize I have a hard time commenting on the Connect work until it is
> clear what this minimum set of features is supposed to be. Perhaps that is
> documented somewhere and I just haven't seen it?
>
>