[Openid-specs-ab] Issue #1749: Change SIOP v2 request to OAuth2/JAR parameter set? (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Wed Dec 7 17:07:35 UTC 2022
New issue 1749: Change SIOP v2 request to OAuth2/JAR parameter set?
https://bitbucket.org/openid/connect/issues/1749/change-siop-v2-request-to-oauth2-jar
Torsten Lodderstedt:
SIOP v2, Section 10, requires the parameters “scope”, “redirect\_uri”, and “response\_type” to be present even if a “request” or “request\_uri” parameter is present. This seems to be inherited from the OIDC core spec \(which predates JAR\).
I suggest to modify SIOP v2 to allow requests with request\_uri or request to contain the client\_id only.
More information about the Openid-specs-ab
mailing list