[Openid-specs-ab] login_hint for Initiating Login at Client from Third Party

Brian Campbell bcampbell at pingidentity.com
Wed Jun 19 22:48:01 UTC 2013


The text says login_hint is required but then ends the description with
"(if necessary)" which reads kind of awkwardly (to me anyway).
Also it says it's a "hint to the Authorization Server" but this section is
defining a client endpoint. Shouldn't it say what the client is supposed to
do with it? I presume it should just pass it along verbatim to the AS using
the parameter of the same name. But the text here should probably say as
much, no?

And why is login_hint required? It seems quite possible that the AS or
other party (a static HTML page of links, for example) wouldn't know enough
to populate that field at the point of sending a  Login Initiation Request.
from
http://openid.net/specs/openid-connect-standard-1_0-21.html#client_Initiate_login
"login_hint REQUIRED. Hint to the Authorization Server about the login
identifier the End-User might use to log in (if necessary)."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130619/0806db21/attachment.html>


More information about the Openid-specs-ab mailing list