[Openid-specs-ab] Handling OpenID request objects
Mike Jones
Michael.Jones at microsoft.com
Thu Apr 19 13:20:16 UTC 2012
This was filed as issue 575. We agreed to change Messages and Standard to state that it is optional to also include OAuth parameters in the OpenID request object, but that if they are in both places, they MUST match.
Optional OAuth parameters MAY be present only in the OpenID Request object. The one exception to this is that the scope parameter is the one OAuth parameter that MUST be present in the OAuth request (so the "openid" scope is always present in the OAuth request).
If people disagree, we can discuss this during the April 30th meeting at Yahoo!.
-- Mike
-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Vladimir Dzhuvinov / NimbusDS
Sent: Wednesday, April 11, 2012 2:00 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Handling OpenID request objects
Hi guys,
Two questions came up when implementing the IdP logic to handle OpenID request objects:
Q1: Is it correct that the request object must always include "response_type" and "scope"? If the request object is found to be not exactly according to the spec, should we continue or return an error?
Q2: How should the server act when there is a mismatch between a parameter in the Authz request and the request object, e.g. "state"?
http://openid.net/specs/openid-connect-standard-1_0-09.html#req_param_method
says
"All [...] parameters MUST also be JSON Serialized into the OpenID Request Object with the same values."
whereas
http://openid.net/specs/openid-connect-messages-1_0-09.html#OpenID_Request_Object
says
"If the same parameters are present both in the Authorization Request and in the OpenID Request Object, the latter takes precedence."
Vladimir
--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
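The rule agreed in the reply at the top of this thread (OAuth parameters are optional in the request object, values present in both places MUST match, and scope with "openid" MUST be in the OAuth request), sketched as an added example; it is not code from the specs, the working group or NimbusDS. It assumes the request object has already been decoded and its signature checked; the function and exception names, the exact-string comparison and the use of `invalid_request` are assumptions.

```python
# Added example: names and error mapping are assumptions, not spec text.
class RequestMismatch(ValueError):
    """Raised when the OAuth request and the request object disagree."""

    def __init__(self, error, description):
        super().__init__(description)
        self.error = error  # assumed mapping to an OAuth 2.0 error code


def merge_request(oauth_params, request_object):
    """Return the effective parameters, or raise RequestMismatch.

    oauth_params:   dict of authorization request query parameters
    request_object: dict of request object members, assumed to be already
                    decoded and signature-checked by the caller
    """
    # scope is the one parameter that must be in the OAuth request itself,
    # and it must carry the "openid" value.
    scope = oauth_params.get("scope")
    if scope is None or "openid" not in scope.split():
        raise RequestMismatch(
            "invalid_request", "scope with 'openid' required in OAuth request")

    # Any parameter present in both places must match (exact comparison).
    for name in sorted(oauth_params.keys() & request_object.keys()):
        if oauth_params[name] != request_object[name]:
            raise RequestMismatch(
                "invalid_request",
                f"parameter '{name}' differs between OAuth request "
                "and request object")

    # Parameters given only in the request object are accepted as-is.
    effective = dict(request_object)
    effective.update(oauth_params)
    return effective


# Constructed sample input (not taken from the thread).
SAMPLE_QUERY = {"response_type": "code", "client_id": "example-client",
                "scope": "openid", "state": "constructed-state-1"}
SAMPLE_OBJECT = {"response_type": "code", "state": "constructed-state-1",
                 "nonce": "constructed-nonce-1"}

if __name__ == "__main__":
    print(merge_request(SAMPLE_QUERY, SAMPLE_OBJECT))
```

Rejecting a mismatch, rather than letting one side silently win, means the parameters the client sees in the redirect and the parameters the server acts on cannot diverge.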