[Openid-specs-ab] Minimum OAuth 2.0 parameter set required when using a Request Object
John Bradley
ve7jtb at ve7jtb.com
Sat Oct 26 03:20:52 UTC 2013
Yes they still need to be a valid OAuth request so the required parameters must be present.
Sent from my iPhone
> On Oct 25, 2013, at 7:22 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
>
> In his review, Brian asked whether the minimum set of OAuth 2.0-specified Authorization Request parameters must be present in requests using Request Objects (with the “request” or “request_uri” parameters). We currently say that “scope” must be present but we don’t say whether “client_id” and “response_type”, which are OAuth 2.0 REQUIRED parameters, must be present.
>
> I think they probably need to be, so it’s a legal OAuth request. Do others agree?
>
> -- Mike
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131025/30fda48b/attachment.html>
More information about the Openid-specs-ab
mailing list