[OpenID] Comments on openid-igov-openid-connect-1_0 draft 02
Manger, James
James.H.Manger at team.telstra.com
Fri Sep 1 01:12:33 UTC 2017
Comments on “International Government Assurance Profile (iGov) for OpenID Connect 1.0 - Draft 02” http://openid.net/specs/openid-igov-openid-connect-1_0.html:
*
Comments on “International Government Assurance Profile (iGov) for OAuth 2.0 - Draft 02” http://openid.net/specs/openid-igov-oauth2-1_0.html:
* §2.1.1 “Requests to the Authorization Endpoint” says clients "MUST include their full redirect URIs in the authorization request", but the example doesn't include it. The example has client_id, nonce, response_type and scope parameters; not no redirect_uri.
* §2.1.1 It should also be “URI” singular (not “URIs” plural) as though a client might have multiple URIs registered, it can only include 1 in any particular request.
* §2.1.2 Example POST to /token doesn't include redirect_uri.
* §4.2 typo "acceept" → "accept"
--
James Manger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20170901/9b8436ef/attachment.html>
More information about the general
mailing list