[Openid-specs-ab] Lite Draft 8

Allen Tom allentomdude at gmail.com
Mon Aug 15 21:42:43 UTC 2011


Hi John,

Thanks for revising the OpenID Connect Lite spec!

Some feedback:

Section 2 says that the id_token should be considered opaque, and that RPs
should consult the full Connect spec if they want to process the id_token.
If this is the case, perhaps the id_token should be removed from the Lite
spec?

In Section 3, should the example with the multiple scopes use commas to
separate the values?

In Section 3.2.1, it would be helpful to define the example values for scope
(profile, email, address), display (none, touch, mobile), and prompt (login,
consent, select_account).

Sections 3.2 and 3.2.4.1 - should make it clear that in the implicit flow,
the access token is returned only in the fragment portion of the response.

Sections 3.3, 3.3.1 and 3.3.2 can be removed if id_tokens are removed from
the Lite spec.

Section 4.2 - probably would be useful to specify the resolution and/or
aspect ratio of the profile picture. Here's an example from the Twitter API:

https://dev.twitter.com/docs/api/1/get/users/profile_image/%3Ascreen_name

https://api.twitter.com/1/users/profile_image?screen_name=atom
https://api.twitter.com/1/users/profile_image?screen_name=atom&size=bigger

Facebook also has a similar interface to specify the size of the profile
picture:

https://graph.facebook.com/allentom/picture
https://graph.facebook.com/allentom/picture?type=large

Allen


On Thu, Aug 11, 2011 at 11:57 AM, John Bradley <ve7jtb at ve7jtb.com> wrote:

> Updated lite.
>
>