[Openid-specs-ab] login_hint for Initiating Login at Client from Third Party

Nat Sakimura sakimura at gmail.com
Thu Jun 20 15:11:25 UTC 2013


What about this?
login_hintOPTIONAL. A string that the client MUST send as login_hint
parameter value of the authorization request.issOPTIONAL. Issuer Identifier
for the Issuer that the Client is to send the authentication request to.
Its value MUST be a URL using the https scheme.target_link_uriOPTIONAL. URI
of the target resource. After receiving a positive authorization
response, the Client SHOULD redirect the user-agent to this URI. Clients
MUST verify the value of the target_link_uri to prevent it being used as an
open redirector to external sites.


2013/6/20 Brian Campbell <bcampbell at pingidentity.com>

> The text says login_hint is required but then ends the description with
> "(if necessary)" which reads kind of awkwardly (to me anyway).
> Also it says it's a "hint to the Authorization Server" but this section is
> defining a client endpoint. Shouldn't it say what the client is supposed to
> do with it? I presume it should just pass it along verbatim to the AS using
> the parameter of the same name. But the text here should probably say as
> much, no?
>
> And why is login_hint required? It seems quite possible that the AS or
> other party (a static HTML page of links, for example) wouldn't know enough
> to populate that field at the point of sending a  Login Initiation Request.
> from
> http://openid.net/specs/openid-connect-standard-1_0-21.html#client_Initiate_login
> "login_hint REQUIRED. Hint to the Authorization Server about the login
> identifier the End-User might use to log in (if necessary)."
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130621/ba532722/attachment.html>


More information about the Openid-specs-ab mailing list