[Openid-specs-ab] Review Comments on Multiple Response Types

Torsten Lodderstedt torsten at lodderstedt.net
Thu Nov 7 01:49:00 UTC 2013


Hi Mike,

here are my review comments on Multiple Response Types.

regards,
Torsten.

2.1.

"For purposes of this specification, the default Response Mode for the 
OAuth 2.0 code response_type is the query encoding. For purposes of this 
specification, the default Response Mode for the OAuth 2.0 token 
response_type is the fragment encoding." - I would suggest to format 
code, token, query and fragment as key words (instead of response_type), 
this will aid the reader to map the corresponding concepts.

4. None Response Type

What is this response type used for?

5.

Example: I think it would make sense to show fragment encoding of a 
hybrid response type including “code”, e.g. "code id_token" in order to 
show the expected default encoding behavior if any fragment encoded 
artifact is present (as described in this section).




More information about the Openid-specs-ab mailing list