[Openid-specs-ab] id_token in URI query parameter
torsten at lodderstedt.net
Tue Feb 21 16:48:28 UTC 2012
what is the rational for not supporting the transmission of id tokens as URI request parameter? Is it because of the potential leakage via browser caches?
I'm asking because the id token is more or less equivalent to a OpenId 2.0 response, which directly carries all identity data to the RP. But the Connect design makes life of an ordinary RP more difficult. It either needs to take another roundtrip (code) or implement JS client side logic to obtain the same data.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab