[Openid-specs-ab] OpenID query - Hybrid Flow Authentication
Thomas Broyer
t.broyer at gmail.com
Thu Mar 7 13:28:42 UTC 2019
Section 3.3.2.10 requires an ID Token, "code token" cannot use these steps.
Le jeu. 7 mars 2019 13:54, Nughmman Butt via Openid-specs-ab <
openid-specs-ab at lists.openid.net> a écrit :
> Hello,
>
>
> I am going through the following website:
>
>
> https://openid.net/specs/openid-connect-core-1_0.html
>
> My query relates to the Hybrid Flow Authentication.
>
> *Section 3.3.2.5 Successful Authentication Response states:*
>
>
> "code
> Authorization Code. This is always returned when using the Hybrid Flow."
>
> *section 3.3.2.8. Authentication Response Validation, clause 5 states:*
>
>
>
> "Follow the Authorization Code validation rules in Section 3.3.2.10 when
> the response_type value used is *code id_token* or *code id_token token*."
>
> Shouldn't clause 5 mention all 3 hybrid flow response types i.e
> code id_token, code id_token token *AND CODE TOKEN*?
>
> Please advise.
>
> Rgds
> Nughmman
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190307/f973565c/attachment.html>
More information about the Openid-specs-ab
mailing list