[Openid-specs-ab] [openid/connect] Since OAuth provides no IANA registry for scope values, OpenID Connect shouldn’t try to use it (issue #558)
issues-reply at bitbucket.org
Sat Mar 24 15:58:44 UTC 2012
--- you can reply above this line ---
New issue 558: Since OAuth provides no IANA registry for scope values, OpenID Connect shouldn’t try to use it
Brian Campbell / b_d_c on Sat, 24 Mar 2012 16:58:44 +0100:
§10.1.1 of Standard -08 has an IANA registry request for the scope values, openid, profile, email, address, and phone. However, oauth-v2 does not establish, as far as I can tell, a registry for scope values - only for token types, parameters, response types and extension errors.
Perhaps this raises the question of if OAuth2 should establish some registry for scope values or otherwise provide some guidance on avoiding name collisions when using specific scope values in derivative specification? It doesn't provide much now, "The [scope] strings are defined by the authorization server" seems to be the extent of it. Anyway, the way I read it currently, the registration request in §10.1.1 is either illegal or meaningless.
Seems like, at a minimum though, OpenID Connect shouldn’t try to use a non-existent registry.
This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.
More information about the Openid-specs-ab