[Openid-specs-ab] Couple questions on the UserInfo Request

Mike Jones Michael.Jones at microsoft.com
Tue Mar 5 22:57:49 UTC 2013


Having read §2.3.1 (UserInfo Request), first I think something like these words are missing before the list "The following request parameters are used with the UserInfo endpoint:".  I can add those.

However, looking at this again, I believe there's an ambiguity whether the client adds the "schema=openid" parameter or not.  Making this concrete, I believe that the URL of Google's UserInfo Endpoint is:
	https://www.googleapis.com/oauth2/v3/userinfo?schema=openid
They've already added the parameter to their endpoint address.

Should they actually be advertising this UserInfo endpoint address instead:
	https://www.googleapis.com/oauth2/v3/userinfo
with the expectation that the Client will add the "schema=openid" parameter?

I think we may need to be clearer on this.

				-- Mike

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Tuesday, March 05, 2013 11:27 AM
To: Vladimir Dzhuvinov / NimbusDS
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Couple questions on the UserInfo Request

At around the time, we switched from SCIM schema to the flat schema due to developer requests at the time. However, we wanted to provide the ability to specify other scheme name such as scim to get the data in that format if the server supports.

Sent from iPad

2013/03/06 4:10、Vladimir Dzhuvinov / NimbusDS <vladimir at nimbusds.com> のメッセージ:

> I was also wondering about that. It seems to be an artefact from old 
> drafts 05 and 07, as the doc history suggests:
>
> http://openid.net/specs/openid-connect-messages-1_0.html#rfc.section.C
>
> Vladimir
>
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com
>
>
>
> -------- Original Message --------
> Subject: [Openid-specs-ab] Couple questions on the UserInfo Request
> From: Brian Campbell <bcampbell at pingidentity.com>
> Date: Tue, March 05, 2013 6:30 pm
> To: "<openid-specs-ab at lists.openid.net>"
> <openid-specs-ab at lists.openid.net>
>
> In §2.3.1. UserInfo Request at
> http://openid.bitbucket.org/openid-connect-messages-1_0.html#UserInfoR
> equest , if the only defined schema value is openid, why make it 
> required rather than just defaulting to the only current possible 
> value?
>
> And what is the id parameter for? It just kind of sticks out as odd 
> there. I imagine there's some reason it's there but the associated 
> text is kind of cryptic and doesn't explain much.
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab


More information about the Openid-specs-ab mailing list