[Openid-specs-ab] response_type 'none'
Roland Hedberg
roland.hedberg at adm.umu.se
Thu Sep 22 07:22:51 UTC 2011
According to
OpenID Connect Messages 1.0 - draft 04
3.1.3. Authorization Response
'The response_type "none" preempts all other values and only state SHOULD be returned to the client.'
This violates draft-ietf-oauth-v2-21 section 4.12, which states that 'code' is required in an Authorization Response.
So, should we state that the returned value of 'code' SHOULD be "" when response_type == 'none' ?
But that it in any way will be ignored ?
-- Roland
More information about the Openid-specs-ab
mailing list