[Openid-specs-ab] Updates to the UserInfo Endpoint spec
George Fletcher
gffletch at aol.com
Sat Jul 2 00:21:53 UTC 2011
Hi John,
I'm fine with the discovery spec defining the endpoints.. I was thinking
specifically of something like /userinfo, like the OAuth2 spec defines
/authorize and /token path portions of the endpoint. Do we want that
part variable on an implementation by implementation basis?
Thanks,
George
On 7/1/11 6:39 PM, John Bradley wrote:
> I think it is better to leave the path to the IdP. The discovery
> document for the IdP will list the endpoint URL.
>
> I would not assume that the host is necessarily the same as the token
> or other endpoints.
>
> John B.
> On 2011-07-01, at 6:28 PM, George Fletcher wrote:
>
>> Hi,
>>
>> I updated the text regarding the UserInfo request to say that it is
>> an OAuth2 protected resource supporting the Bearer Token spec. I also
>> changed the SHOULD to a MUST in the response text requiring the JSON
>> object to compile with the specified schema if the schema parameter
>> requests "openid". Also did some clean ups in the referenced specs
>> information.
>>
>> One thing I just noticed is that we don't specify the path of the
>> UserInfo endpoint. Do we want to do so?
>>
>> Thanks,
>> George
>> <openid-connect-userinfo-1_0.html>_______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
--
Chief Architect AIM: gffletch
Identity Services Engineering Work: george.fletcher at teamaol.com
AOL Inc. Home: gffletch at aol.com
Mobile: +1-703-462-3494 Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544 Twitter: http://twitter.com/gffletch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110701/5d43d5d1/attachment.html>
More information about the Openid-specs-ab
mailing list