[Openid-specs-ab] Minimum OAuth 2.0 parameter set required when using a Request Object

Mike Jones Michael.Jones at microsoft.com
Fri Oct 25 23:22:03 UTC 2013


In his review, Brian asked whether the minimum set of OAuth 2.0-specified Authorization Request parameters must be present in requests using Request Objects (with the "request" or "request_uri" parameters).  We currently say that "scope" must be present but we don't say whether "client_id" and "response_type", which are OAuth 2.0 REQUIRED parameters, must be present.

I think they probably need to be, so it's a legal OAuth request.  Do others agree?

                                                                -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131025/7388c0a9/attachment.html>


More information about the Openid-specs-ab mailing list