[Openid-specs-ab] Other grant types and scope openid
Torsten Lodderstedt
torsten at lodderstedt.net
Mon Jul 30 06:17:17 UTC 2012
Hi all,
What is the expected behavior in case a client requests the scope
"openid" with a grant type other than code or token? For example, an app
could request it at the token endpoint using "Resource Owner Password
Credentials". Given the recent discussion on refresh tokens and id
tokens, the id token concept seems to be tied to browser sessions. So I
don't see a need to return an id token to apps in cases where no browser
session is involved.
Comments?
regards,
Torsten.