[Openid-specs-ab] Issue #908: Core - 2.2.2.7 Redirect URI Fragment Handling (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Mon Dec 2 17:25:52 UTC 2013


New issue 908: Core - 2.2.2.7 Redirect URI Fragment Handling
https://bitbucket.org/openid/connect/issue/908/core-2227-redirect-uri-fragment-handling

Nat Sakimura:

This section is just talking about one way of dealing with the fragment.
It is not the most desired way either.
(Sending the access token in the fragment to the server is not a good idea.
If it wants to do it, it should have used code flow to begin with.
This example may give the reader a false impression.)

In Hybrid Flow, it makes more sense that it has to send the code to the server. 

Proposal: 
Move the example in the section to 2.3.2.7 and change the example to just send the code.
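
The handling proposed above, sketched as an added example that is not part of the original message or of the specification text: the browser-side script parses the Hybrid Flow fragment and relays only `code` and `state` to the client's server, so the access token never leaves the browser. The function names and all sample values are assumptions made for illustration.

```javascript
// Added example: relay only the authorization code from a Hybrid Flow
// fragment. splitFragment/serverRequestBody are hypothetical names.
const SERVER_FIELDS = ["code", "state"]; // relayed to the backend
const CLIENT_ONLY = ["access_token", "id_token", "token_type", "expires_in"];

function splitFragment(fragment, expectedState) {
  const raw = fragment.startsWith("#") ? fragment.slice(1) : fragment;
  const params = new URLSearchParams(raw);

  // Reject repeated parameters: ambiguous input must not reach the server.
  const seen = new Set();
  for (const key of params.keys()) {
    if (seen.has(key)) throw new Error("duplicate parameter: " + key);
    seen.add(key);
  }
  // An error response carries no code; surface it instead of relaying it.
  if (params.has("error")) {
    throw new Error("authorization error: " + params.get("error"));
  }
  // state ties the response to the request this browser session started.
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  if (!params.get("code")) throw new Error("no code in fragment");

  const forServer = {};
  const forClient = {};
  for (const [key, value] of params) {
    if (SERVER_FIELDS.includes(key)) forServer[key] = value;
    else if (CLIENT_ONLY.includes(key)) forClient[key] = value;
    // Unknown parameters are dropped rather than forwarded.
  }
  return { forServer, forClient };
}

// Form-encoded body for the POST to the client's own backend.
function serverRequestBody(fragment, expectedState) {
  const { forServer } = splitFragment(fragment, expectedState);
  return new URLSearchParams(forServer).toString();
}

// Constructed sample fragment; every value is a placeholder.
const SAMPLE = "#code=EXAMPLE_CODE&state=EXAMPLE_STATE" +
  "&access_token=EXAMPLE_TOKEN&token_type=Bearer&id_token=EXAMPLE.ID.TOKEN";
console.log(serverRequestBody(SAMPLE, "EXAMPLE_STATE"));
```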



