[Openid-specs-ab] Issue #2177: [Native SSO] /token endpoint (openid/connect)
Takahiko Kawasaki
issues-reply at bitbucket.org
Thu Apr 24 13:09:49 UTC 2025
New issue 2177: [Native SSO] /token endpoint
https://bitbucket.org/openid/connect/issues/2177/native-sso-token-endpoint
Takahiko Kawasaki:
In OpenID Connect Native SSO for Mobile Apps 1.0 draft 07, there are five instances where a slash is prefixed to “token endpoint”, resulting in “**/token** endpoint”. What is the reason for adding the slash? Unless the slash has a special meaning within the specification, it should be removed.
1. Section 2. Abstract Flow, the 2nd last paragraph: _“Step \[9\] invokes the **/token** endpoint with the token exchange profile …”_
2. Section 3.2. Device Secret, the 2nd paragraph: _“… the **/token** endpoint to exchange code for tokens.”_
3. Section 3.2. Device Secret, the 2nd paragraph: _“… The client SHOULD provide the device\_secret to the **/token** endpoint during …”_
4. Section 3.3. Token Request, the 2nd paragraph: _“… the **/token** endpoint for the authorization\_code and refresh\_token grant types:”_
5. Section 4.2. Token Exchange Request, the 1st paragraph: _“… it makes a standard OAuth2 **/token** endpoint …”_
More information about the Openid-specs-ab
mailing list