[Openid-specs-ab] Issue #12: Always show OP-O-02 (Support request_uri Request Parameter with unSigned Request) (openid/certification)
Michael Jones
issues-reply at bitbucket.org
Thu Jan 22 00:46:04 UTC 2015
New issue 12: Always show OP-O-02 (Support request_uri Request Parameter with unSigned Request)
https://bitbucket.org/openid/certification/issue/12/always-show-op-o-02-support-request_uri
Michael Jones:
For all configurations, it must be possible to test logging in when an unsigned request_uri request value is sent and verify that using it results in no error. If not supported, some loss of functionality is expected.
Note that per http://openid.net/specs/openid-connect-core-1_0.html#RequestUriParameter "So that the request is a valid OAuth 2.0 Authorization Request, values for the response_type and client_id parameters MUST be included using the OAuth 2.0 request syntax, since they are REQUIRED by OAuth 2.0. The values for these parameters MUST match those in the Request Object, if present."
More information about the Openid-specs-ab
mailing list