[Openid-specs-ab] response_type 'none'
sakimura at gmail.com
Thu Sep 22 12:08:02 UTC 2011
On Thu, 22 Sep 2011 09:22:51 +0200, Roland Hedberg wrote:
> According to
> OpenID Connect Messages 1.0 - draft 04
> 3.1.3. Authorization Response
> 'The response_type "none" preempts all other values and only state
> SHOULD be returned to the client.'
> This violates draft-ietf-oauth-v2-21 section 4.1.2, which states that
> 'code' is required in an Authorization Response.
That is when response_type=code.
The response_type=none is essentially introducing a new flow,
which is neither "code" nor "token" nor "code token".
> So, should we state that the returned value of 'code' SHOULD be ""
> when response_type == 'none'?
> But that it in any way will be ignored?
I think we should explicitly say that the combination of "none" and any
other response type is undefined.
> -- Roland
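
An added example, not part of the original thread or of any specification text: a client-side check of the authorization response against the requested response_type, covering the cases discussed above. Refusing "none" combined with another value follows the proposal in the reply rather than a settled rule; the function names, the `client.example` URL and the strict rejection of unrequested parameters are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Response types named in the thread; "code token" is a space-delimited combination.
KNOWN_TYPES = {"code", "token", "none"}


class ResponseTypeError(ValueError):
    """Raised for a request or response the client should not accept."""


def parse_response_type(value):
    """Split a space-delimited response_type into a set, rejecting 'none' combos."""
    types = set(value.split())
    if not types or not types <= KNOWN_TYPES:
        raise ResponseTypeError(f"unsupported response_type: {value!r}")
    # Assumption: follow the proposal in the reply and treat "none" combined
    # with any other value as undefined, so refuse it instead of guessing.
    if "none" in types and len(types) > 1:
        raise ResponseTypeError("'none' combined with another response_type is undefined")
    return types


def check_authorization_response(redirect_url, requested_type, sent_state):
    """Validate the parameters on the redirect against what was requested."""
    types = parse_response_type(requested_type)
    parts = urlsplit(redirect_url)
    # The query carries code-flow parameters, the fragment token-flow ones.
    # parse_qs drops blank values, so an empty code="" counts as absent.
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    params.update({k: v[0] for k, v in parse_qs(parts.fragment).items()})
    if params.get("state") != sent_state:
        raise ResponseTypeError("state missing or does not match the request")
    if "code" in types and not params.get("code"):
        raise ResponseTypeError("'code' is required when response_type includes code")
    if "token" in types and not params.get("access_token"):
        raise ResponseTypeError("'access_token' is required when response_type includes token")
    if types == {"none"}:
        # Only state is expected; a credential that was never requested is
        # treated as an anomaly rather than silently used.
        unexpected = params.keys() & {"code", "access_token"}
        if unexpected:
            raise ResponseTypeError(f"unexpected parameters for 'none': {sorted(unexpected)}")
    return params
```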