[Openid-specs-ab] Breaking change in OAuth 2.0 rev. 23
sakimura at gmail.com
Wed Mar 14 11:02:36 UTC 2012
I only noticed now that rev 23 had a breaking change. it seems to
doesn't allow the response_type=code token unless we define another client
type such as "hybrid".
This is a breaking change.
I wonder why I did not notice it till now.
>From section 2.1of
"A client application consisting of multiple components, each with its
own client type (e.g. a distributed client with both a confidential
server-based component and a public browser-based component), *MUST*
register each component separately as a different client to ensure
proper handling by the authorization server."
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab