[OpenID] Comments on openid-igov-openid-connect-1_0 draft 02

Manger, James James.H.Manger at team.telstra.com
Fri Sep 1 01:10:08 UTC 2017


Comments on “International Government Assurance Profile (iGov) for OAuth 2.0 - Draft 02” http://openid.net/specs/openid-igov-oauth2-1_0.html:


* §2.1.1 “Requests to the Authorization Endpoint” says clients "MUST include their full redirect URIs in the authorization request", but the example doesn't include it. The example has client_id, nonce, response_type and scope parameters, but no redirect_uri.

* §2.1.1 It should also be “URI” singular (not “URIs” plural) as, though a client might have multiple URIs registered, it can only include 1 in any particular request.

* §2.1.2 Example POST to /token doesn't include redirect_uri.

* §4.2 typo "acceept" → "accept"

Comments on


*


P.S. It is a pity it isn’t easy to comment on specs when their review periods and votes are announced to the whole OpenID Foundation. All members are asked to vote (and many are needed to reach a quorum), but only those within the specific working group can send email to its list. Or perhaps openid-general at lists.openid.net is the right place for these sorts of comments from non-group members.

--
James Manger
