[Openid-specs-ab] Issue #13: Always show OP-P-02 (Support request request parameter with unsecured request) (openid/certification)
Michael Jones
issues-reply at bitbucket.org
Thu Jan 22 00:57:39 UTC 2015
New issue 13: Always show OP-P-02 (Support request request parameter with unsecured request)
https://bitbucket.org/openid/certification/issue/13/always-show-op-p-02-support-request
Michael Jones:
For all configurations, it must be possible to test logging in when an unsigned request request parameter and verify that using it results in no error. If not supported, some loss of functionality is expected.
Note that per http://openid.net/specs/openid-connect-core-1_0.html#RequestObject, "So that the request is a valid OAuth 2.0 Authorization Request, values for the response_type and client_id parameters MUST be included using the OAuth 2.0 request syntax, since they are REQUIRED by OAuth 2.0. The values for these parameters MUST match those in the Request Object, if present."
More information about the Openid-specs-ab
mailing list