[Openid-specs-ab] What use case does exist behind response_type=none ?
Nat Sakimura
sakimura at gmail.com
Wed Sep 7 22:23:35 UTC 2011
You are right.
We should start compiling the issues to be discussed at the Summit.
I will make a wikipage for that.
=nat via iPhone
On 2011/09/08, at 7:11, Mike Jones <Michael.Jones at microsoft.com> wrote:
> My understanding was that the plan of record was to register response_type=none AS an OAuth response type, referencing our specification for the definition, once we believed that our specs were "done enough". As such, the right action would be to register the response type, not to remove the definition from our specifications.
>
> For context, the working group decided not to make any more normative changes to the specs until after the discussions at next weeks' summit. This would be a perfect topic to discuss at the summit. Looking forward to seeing many of you there!
>
> -- Mike
>
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
> Sent: Wednesday, September 07, 2011 2:39 PM
> To: Breno de Medeiros
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] What use case does exist behind response_type=none ?
>
> So, shall we drop it?
>
> =nat via iPhone
>
> On 2011/09/08, at 4:45, Breno de Medeiros <breno at google.com> wrote:
>
>> This should be dealt with as an OAuth2 response-type extension, not
>> here in openid-connect.
>>
>> On Wed, Sep 7, 2011 at 12:15, hideki nara <hdknr at ic-tact.co.jp> wrote:
>>> John, thank you for your description.
>>>
>>> You may know that my question is related to
>>> https://bitbucket.org/openid/connect/issue/8/ .
>>> Sounds that "none" is one missing that OAuth should have had.
>>>
>>> Breno-san will resolve this issue :-)
>>> ---
>>> hdknr
>>>
>>>
>>> 2011/9/8 John Bradley <ve7jtb at ve7jtb.com>:
>>>> Yes, it is not specific to Connect, but a more general OAuth thing.
>>>>
>>>> It takes the user through authorization, but doesn't return code or token in the redirect response.
>>>>
>>>> Breno is probably the best one to answer on the specific use cases.
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 2011-09-07, at 3:14 PM, hideki nara <hdknr at ic-tact.co.jp> wrote:
>>>>
>>>>> Hello experts.
>>>>>
>>>>> Question about
>>>>> http://openid.net/specs/openid-connect-messages-1_0.html#auth_req
>>>>> .
>>>>>
>>>>> I'm not quite sure why someone want to request for no reply.
>>>>> Is there any special implication on response_type=none ?
>>>>>
>>>>> Regards.
>>>>> ---
>>>>> hdknr
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>
>>
>>
>> --
>> --Breno
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
More information about the Openid-specs-ab
mailing list