[Openid-specs-ab] session management: space is deliminator while also a legal character in client_id
Brian Campbell
bcampbell at pingidentity.com
Tue Feb 4 15:28:32 UTC 2014
In 4.1 of Session Management
<http://openid.net/specs/openid-connect-session-1_0.html#RPiframe>"The
postMessage from the RP iframe delivers the following concatenation as the
data: *Client ID + " " + Session State*" and 4.2 the OP has to
Wouldn't that break for client ids that contain spaces, when in
section 4.2<http://openid.net/specs/openid-connect-session-1_0.html#OPiframe>,
the OP attempts to parse those two items out from the data (and yes, spaces
are allowed per the client_id ABNF in RFC
6749<http://tools.ietf.org/html/rfc6749#appendix-A.1>
)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140204/fad4ffdd/attachment.html>
More information about the Openid-specs-ab
mailing list