[Openid-specs-ab] response_type 'none'

Roland Hedberg roland.hedberg at adm.umu.se
Thu Sep 22 07:22:51 UTC 2011


According to 

OpenID Connect Messages 1.0 - draft 04
3.1.3.  Authorization Response

'The response_type "none" preempts all other values and only state SHOULD be returned to the client.'

This violates draft-ietf-oauth-v2-21 section 4.12, which states that 'code' is required in an Authorization Response.

So, should we state that the returned value of 'code' SHOULD be "" when response_type == 'none' ?
But that it in any way will be ignored ?

-- Roland


More information about the Openid-specs-ab mailing list