[Openid-specs-ab] Simplifying preferred_locales and max_age
Justin Richer
jricher at mitre.org
Fri Feb 1 18:21:34 UTC 2013
While I'm hesitant to add more specialized parameters to the auth
endpoint, I can see the logic here. Thus, at first instinct, I could
take it or leave it.
-- Justin
On 02/01/2013 01:15 PM, Mike Jones wrote:
>
> Currently "preferred_locales" and "max_age" are specified as occurring
> under the "userinfo" and "id_token" elements of the request object. I
> would propose moving them up to being top-level elements of the
> request object, and possibly also allowing them to be used directly as
> request parameters. My reasoning is that it makes no practical sense
> to use different locales for UserInfo claim values versus ID Token
> claim values. Likewise, while "max_age" does apply logically to the
> ID Token, it would cause no confusion to have it apply to the whole
> request and it could be useful to allow specifying "max_age" as a
> query parameter.
>
> One consequence of allowing "preferred_locales" to also be specified
> as a query parameter is that its syntax would change from a JSON array
> to a space-separated list of strings.
>
> If we did this change, it would both simplify the parsing for the MTI
> Fallback Position described in my previous message (one would just
> ignore "userinfo" and "id_token" rather than ignoring the "claims"
> members of "userinfo" and "id_token") and would enable more important
> functionality to be used without using the request object, which I
> think would make many developers happy.
>
> Thoughts?
>
> -- Mike
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130201/37bea9d0/attachment.html>
More information about the Openid-specs-ab
mailing list