[Openid-specs-ab] login_hint for Initiating Login at Client from Third Party

John Bradley ve7jtb at ve7jtb.com
Thu Jun 20 15:19:32 UTC 2013


I think Mike argued that iss be REQUIRED to avoid the client doing discovery.

Perhaps for login_hint OPTIONAL. A string that the client MUST send as login_hint parameter value of the authorization request if present.

On 2013-06-20, at 11:11 AM, Nat Sakimura <sakimura at gmail.com> wrote:

> What about this? 
> 
> login_hint
> OPTIONAL. A string that the client MUST send as login_hint parameter value of the authorization request.
> iss
> OPTIONAL. Issuer Identifier for the Issuer that the Client is to send the authentication request to. Its value MUST be a URL using the https scheme.
> target_link_uri
> OPTIONAL. URI of the target resource. After receiving a positive authorization response, the Client SHOULD redirect the user-agent to this URI. Clients MUST verify the value of the target_link_uri to prevent it being used as an open redirector to external sites.
> 
> 
> 2013/6/20 Brian Campbell <bcampbell at pingidentity.com>
> The text says login_hint is required but then ends the description with "(if necessary)" which reads kind of awkwardly (to me anyway).
> 
> Also it says it's a "hint to the Authorization Server" but this section is defining a client endpoint. Shouldn't it say what the client is supposed to do with it? I presume it should just pass it along verbatim to the AS using the parameter of the same name. But the text here should probably say as much, no?
> And why is login_hint required? It seems quite possible that the AS or other party (a static HTML page of links, for example) wouldn't know enough to populate that field at the point of sending a Login Initiation Request.
> 
> from http://openid.net/specs/openid-connect-standard-1_0-21.html#client_Initiate_login
> "login_hint
> REQUIRED. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary)."
> 
> 
> 
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 
> 
> 
> 
> -- 
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
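
A client-side sketch of the login initiation endpoint discussed in this thread, added here as an example and not taken from any message or from the specification: login_hint is forwarded verbatim, iss must be an https issuer, and target_link_uri is confined to the client's own origin. The client_id, URLs, function names and the choice to accept only preconfigured issuers (so no discovery happens) are assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed values for illustration; none come from the thread or the spec.
CLIENT_ID = "example-client"
REDIRECT_URI = "https://client.example.com/cb"
CLIENT_ORIGIN = ("https", "client.example.com")
DEFAULT_TARGET = "https://client.example.com/"
# Issuers this client is already configured for, so no discovery is needed.
KNOWN_ISSUERS = {"https://op.example.com": "https://op.example.com/authorize"}


def safe_target(target_link_uri):
    """Return target_link_uri only if it stays on the client's own origin."""
    if not target_link_uri or any(c in target_link_uri for c in "\\\r\n\t"):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(target_link_uri)
    except ValueError:
        return DEFAULT_TARGET
    # netloc carries userinfo and port, so "client.example.com@evil.example"
    # and look-alike hosts fail this exact comparison.
    if (parts.scheme, parts.netloc) != CLIENT_ORIGIN:
        return DEFAULT_TARGET
    return target_link_uri


def handle_initiate_login(params):
    """Turn a third-party login initiation request into an authorization request."""
    iss = params.get("iss", "")
    if urlsplit(iss).scheme != "https" or iss not in KNOWN_ISSUERS:
        raise ValueError("iss must be a configured https issuer")
    state = secrets.token_urlsafe(16)
    query = {"response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
             "redirect_uri": REDIRECT_URI, "state": state}
    if "login_hint" in params:
        # Passed along verbatim under the same parameter name.
        query["login_hint"] = params["login_hint"]
    return {
        "authorization_url": KNOWN_ISSUERS[iss] + "?" + urlencode(query),
        "state": state,
        # Store against state; redirect here only after a positive response.
        "post_login_redirect": safe_target(params.get("target_link_uri")),
    }
```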
