[Openid-specs-ab] Review Comments on Multiple Response Types
Torsten Lodderstedt
torsten at lodderstedt.net
Thu Nov 7 01:49:00 UTC 2013
Hi Mike,
here are my review comments on Multiple Response Types.
regards,
Torsten.
2.1.
"For purposes of this specification, the default Response Mode for the
OAuth 2.0 code response_type is the query encoding. For purposes of this
specification, the default Response Mode for the OAuth 2.0 token
response_type is the fragment encoding." - I would suggest to format
code, token, query and fragment as key words (instead of response_type),
this will aid the reader to map the corresponding concepts.
4. None Response Type
What is this response type used for?
5.
Example: I think it would make sense to show fragment encoding of a
hybrid response type including “code”, e.g. "code id_token" in order to
show the expected default encoding behavior if any fragment encoded
artifact is present (as described in this section).
More information about the Openid-specs-ab
mailing list