[Openid-specs-ab] [openid/connect] Messages 5.1.3 - Messages says MUST understand whereas OAuth 2.0 says MUST ignore for unrecognized request parameters (issue #790)

Michael Jones issues-reply at bitbucket.org
Tue Mar 5 02:28:30 UTC 2013



New issue 790: Messages 5.1.3 - Messages says MUST understand whereas OAuth 2.0 says MUST ignore for unrecognized request parameters
https://bitbucket.org/openid/connect/issue/790/messages-513-messages-says-must-understand

Michael Jones:

The first parameter validation step at http://openid.bitbucket.org/openid-connect-messages-1_0.html#req.obj.veri currently is: “The Authorization Server MUST understand all the parameters except for any unsupported Claims. If there are any parameters that it does not understand except for any unsupported Claims, it MUST return an error response.”

This contradicts OAuth 2.0, Section 3.1, which says “The authorization server MUST ignore unrecognized request parameters.”

I think we should just drop the sentence above from Messages.

