[Openid-specs-ab] FW: A comment from Randy Hudson [2200661:2644405]

Mike Jones Michael.Jones at microsoft.com
Tue Jan 31 03:12:17 UTC 2017


Let’s discuss this possible errata action on the next call…

From: Open ID Help [mailto:help at oidf.org]
Sent: Friday, January 27, 2017 3:00 PM
To: mike.leszcz at oidf.org
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: FW: A comment from Randy Hudson [2200661:2644405]

Hello,

Please see the comment below.

Thank you,
Jessica

OpenID Foundation Finance & Membership Services
help at oidf.org<mailto:help at oidf.org>
2400 Camino Ramon, Suite 375
San Ramon, CA 94583, USA
T. +1.925.275.6639 F. +1.925.275.6691

-----Original Message-----
From: help at oidf.org<mailto:help at oidf.org>
Sent: 1/27/2017 7:19 AM
To: help at oidf.org<mailto:help at oidf.org>
Subject: A comment from Randy Hudson

a form has been submitted on January 27, 2017, via: http://openid.net/foundation/contact/ [IP 9.27.98.110, 129.42.208.182, 129.42.208.182]

Contact Form
Your Name

Randy Hudson

Email

hudsonr at us.ibm.com<mailto:hudsonr at us.ibm.com>

Website

http://www.ibm.com

Message

The core specification (http://openid.net/specs/openid-connect-core-1_0.html) incorrectly specifies that "application/x-www-form-urlencoded" form should be used for encoding query param values in a *URL*. Despite its name, application/x-www-form-urlencoded is only for the body of an HTTP request. The biggest different is in how PLUS and SPACE characters are encoded/decoded. The examples, however, actually encode SPACE correctly in a URL, using %20, rather than as '+' (if form encoding format were really being used).

In the examples that use POST to send params, application/x-www-form-urlencoded makes sense, but the examples show %20 used to encode SPACE, rather than '+'.

The scenario where this is most likely to cause a problem would be if a param value ever needed to contain a '+' character.

powered by cformsII<http://www.deliciousdays.com/cforms-plugin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170131/0bc0c981/attachment.html>


More information about the Openid-specs-ab mailing list