[Openid-specs-ab] Query encoding of response_type none parameters

Breno de Medeiros breno at google.com
Tue Dec 13 18:15:05 UTC 2011

On Tue, Dec 13, 2011 at 09:47, Mike Jones <Michael.Jones at microsoft.com> wrote:
> The text describing the response type "none" says "Any parameters added to the redirect_uri should be query encoded".  Why was query encoding chosen rather than fragment encoding?

The flow 'none' is used in market-type
installation-time-approval-prompt scenarios where the page starting
the flow is not the intended application to receive it.

At most the receiving application needs to detect that the user has
completed the task (i.e., a 'yes', 'no', or 'quit' indicator). If the
application can obtain this information through means other than a
redirect (e.g., window closing), it doesn't need to use the
redirect_uri at all.

Given that it's a one-time setup process, it does not involve the
transmission of sensitive information, and may be implemented without
redirects (to prevent post-approval page reloads), we think there is
no motivation for fragment encoding, and query encoding is usually
easier to implement.

> -- Mike
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Ryo Ito
> Sent: Tuesday, December 13, 2011 6:59 AM
> To: openid-specs-ab at lists.openid.net
> Subject: [Openid-specs-ab] Response parameter encoding of "None" Case
> https://bitbucket.org/openid/connect/src
> oauth-v2-multiple-response-types-1_0.xml
> === Session 4 ===
> Any parameters added to the redirect_uri should be query encoded.
> This applies to both successful responses and error responses.
> ===============
> Why are the response parameters query encoded only in this case? Like other cases defined in this spec, I think that it should be returned as a fragment.
> Thanks,
> Ryo
> --
> ====================
> Ryo Ito
> Email : ritou.06 at gmail.com
> ====================
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

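Added example, not part of the original thread or the spec text: it shows what the two encodings discussed above mean for the application behind the redirect_uri, namely that query-encoded parameters reach its server while fragment-encoded ones are visible only to script in the loaded page. The function names, the sample redirect_uri and the `state` / `error=access_denied` values (OAuth 2.0 conventions) are assumptions chosen for illustration.

```javascript
// Added example. Function names and sample values are constructed for illustration.

// Append response parameters to a registered redirect_uri, either in the
// query (what the "none" text specifies) or in the fragment.
function buildRedirect(redirectUri, params, encoding) {
  const url = new URL(redirectUri);
  if (encoding === 'query') {
    // Keep any query parameters already present in the registered URI.
    for (const [k, v] of Object.entries(params)) url.searchParams.append(k, v);
  } else if (encoding === 'fragment') {
    url.hash = new URLSearchParams(params).toString();
  } else {
    throw new Error('unknown encoding: ' + encoding);
  }
  return url.toString();
}

// What the application's server receives: a user agent strips the fragment
// before sending the request, so only path and query arrive.
function serverVisibleParams(location) {
  return Object.fromEntries(new URL(location).searchParams);
}

// What only script running in the loaded page can read.
function clientOnlyParams(location) {
  const url = new URL(location);
  return Object.fromEntries(new URLSearchParams(url.hash.slice(1)));
}

// Constructed sample: a redirect_uri that already carries a query parameter.
const REDIRECT_URI = 'https://app.example/installed?tenant=42';
const approved = { state: 'af0ifjsldkj' };                       // user said yes
const denied = { state: 'af0ifjsldkj', error: 'access_denied' }; // user said no

const okViaQuery = buildRedirect(REDIRECT_URI, approved, 'query');
const viaQuery = buildRedirect(REDIRECT_URI, denied, 'query');
const viaFragment = buildRedirect(REDIRECT_URI, denied, 'fragment');

console.log(okViaQuery, serverVisibleParams(okViaQuery));
console.log(viaQuery, serverVisibleParams(viaQuery));
console.log(viaFragment, serverVisibleParams(viaFragment), clientOnlyParams(viaFragment));
```

With query encoding a plain server-side handler can tell approval from denial; with fragment encoding the same handler sees only the pre-registered `tenant` parameter and would need client-side script to relay the outcome.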