[Openid-specs-ab] 3.3.1. Hybrid Flow Steps
Nat Sakimura
sakimura at gmail.com
Sun Jan 5 05:04:57 UTC 2014
Good catch.
Though, in hybrid flow, code is actually always returned in successful
response so it would be
- 5. Authorization Server Sends the End-User back to the Client with an ID
Token and, if requested, an Authorization Code and/or Access Token.
+ 5. Authorization Server Sends the End-User back to the Client with an ID
Token, an Authorization Code and, if requested, an Access Token.
If it does not return an authorization code, it is an implicit flow.
2014/1/5 Ryo Ito <ritou.06 at gmail.com>
> Hybrid flow includes code in authorization response.
>
> Step 5 should be corrected as follows.
>
> - 5. Authorization Server Sends the End-User back to the Client with an ID
> Token and, if requested, an Authorization Code and/or Access Token.
> + 5. Authorization Server Sends the End-User back to the Client with an
> Code and, if requested, an Authorization ID Token and/or Access Token.
>
> Thanks,
> Ryo.
>
> --
> ====================
> Ryo Ito
> Email : ritou.06 at gmail.com
> ====================
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140105/f1a74b53/attachment.html>
More information about the Openid-specs-ab
mailing list