[Openid-specs-ab] Updates to the UserInfo Endpoint spec
Justin Richer
jricher at mitre.org
Tue Jul 5 13:10:15 UTC 2011
+1 for showing an example endpoint but not requiring a specific path, if
for no other reason than that not everybody can control their directory root.
Frameworks of all kinds have base routing that they add to things (like
Elgg's /pg/ prefix), and just like OAuth2 I'd want this to work in such
an environment. It's not just existing frameworks, though: I've even
tried to get a normal XRD endpoint on our server, and it's mired in all
kinds of red tape around who gets to put things on the root www server.
-- Justin
On Sun, 2011-07-03 at 10:44 -0400, Nat Sakimura wrote:
> +1
>
> On Sun, Jul 3, 2011 at 11:52 AM, Mike Jones
> <Michael.Jones at microsoft.com> wrote:
> OAuth doesn’t define any fixed paths. I don’t think we should
> either, other than the discovery root(s).
>
>
>
> --
> Mike
>
>
>
> From: openid-specs-ab-bounces at lists.openid.net
> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of
> Nat Sakimura
> Sent: Friday, July 01, 2011 11:06 PM
> To: George Fletcher
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Updates to the UserInfo
> Endpoint spec
>
>
>
>
> Does OAuth 2 define the fixed path? I was thinking /authorize
> was just an example...
>
>
>
>
> =nat
>
> On Sat, Jul 2, 2011 at 9:21 AM, George Fletcher
> <gffletch at aol.com> wrote:
>
> Hi John,
>
> I'm fine with the discovery spec defining the endpoints. I
> was thinking specifically of something like /userinfo, like
> the OAuth2 spec defines /authorize and /token path portions of
> the endpoint. Do we want that part variable on an
> implementation by implementation basis?
>
> Thanks,
> George
>
>
> On 7/1/11 6:39 PM, John Bradley wrote:
>
> I think it is better to leave the path to the IdP. The
> discovery document for the IdP will list the endpoint URL.
>
>
>
>
> I would not assume that the host is necessarily the same as
> the token or other endpoints.
>
>
>
>
>
> John B.
>
> On 2011-07-01, at 6:28 PM, George Fletcher wrote:
>
>
>
>
> Hi,
>
> I updated the text regarding the UserInfo request to say that
> it is an OAuth2 protected resource supporting the Bearer Token
> spec. I also changed the SHOULD to a MUST in the response text
> requiring the JSON object to comply with the specified schema
> if the schema parameter requests "openid". Also did some clean
> ups in the referenced specs information.
>
> One thing I just noticed is that we don't specify the path of
> the UserInfo endpoint. Do we want to do so?
>
> Thanks,
> George
>
>
> <openid-connect-userinfo-1_0.html>
>
>
>
>
>
>
>
>
> --
> Chief Architect AIM: gffletch
> Identity Services Engineering Work: george.fletcher at teamaol.com
> AOL Inc. Home: gffletch at aol.com
> Mobile: +1-703-462-3494 Blog: http://practicalid.blogspot.com
> Office: +1-703-265-2544 Twitter: http://twitter.com/gffletch
>
>
>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
>
>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
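
The arrangement discussed in this thread, seen from the client side, as an added example that is not code from the thread or from any OpenID specification: the client takes the UserInfo URL from the IdP's discovery document instead of appending a fixed path, so a routing prefix or a separate host needs no special handling, and it sends the bearer token only over HTTPS. Assumptions: the metadata key names are those of the later-published OpenID Connect Discovery 1.0, the hosts and paths are constructed, and the function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed discovery document (not from the thread). Key names follow the
# later-published OpenID Connect Discovery 1.0; hosts and paths are made up.
# The UserInfo endpoint sits behind a routing prefix and on a different host
# from the token endpoint.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.org",
    "authorization_endpoint": "https://idp.example.org/pg/oauth/authorize",
    "token_endpoint": "https://idp.example.org/pg/oauth/token",
    "userinfo_endpoint": "https://profile.example.net/pg/connect/userinfo",
})


def resolve_userinfo_endpoint(discovery_json):
    """Return the UserInfo URL exactly as the IdP advertises it."""
    doc = json.loads(discovery_json)
    url = doc.get("userinfo_endpoint")
    if not isinstance(url, str):
        raise ValueError("discovery document lists no userinfo_endpoint")
    parts = urlsplit(url)
    # The bearer token travels in a request header, so require TLS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("userinfo_endpoint must be an absolute https URL")
    # Reject embedded credentials and fragments in the advertised URL.
    if parts.username or parts.password or parts.fragment:
        raise ValueError("userinfo_endpoint has credentials or a fragment")
    return url


def build_userinfo_request(discovery_json, access_token):
    """Build (without sending) a UserInfo request using a bearer token."""
    url = resolve_userinfo_endpoint(discovery_json)
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", "Bearer " + access_token)
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    request = build_userinfo_request(SAMPLE_DISCOVERY, "constructed-token")
    print(request.get_method(), request.full_url)
```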