[Openid-specs-ab] FW: A comment from Randy Hudson [2200661:2644405]
Michael.Jones at microsoft.com
Tue Jan 31 03:12:17 UTC 2017
Let’s discuss this possible errata action on the next call…
From: Open ID Help [mailto:help at oidf.org]
Sent: Friday, January 27, 2017 3:00 PM
To: mike.leszcz at oidf.org
Cc: Mike Jones <Michael.Jones at microsoft.com>
Subject: FW: A comment from Randy Hudson [2200661:2644405]
Please see the comment below.
OpenID Foundation Finance & Membership Services
help at oidf.org<mailto:help at oidf.org>
2400 Camino Ramon, Suite 375
San Ramon, CA 94583, USA
T. +1.925.275.6639 F. +1.925.275.6691
From: help at oidf.org<mailto:help at oidf.org>
Sent: 1/27/2017 7:19 AM
To: help at oidf.org<mailto:help at oidf.org>
Subject: A comment from Randy Hudson
a form has been submitted on January 27, 2017, via: http://openid.net/foundation/contact/ [IP 18.104.22.168, 22.214.171.124, 126.96.36.199]
hudsonr at us.ibm.com<mailto:hudsonr at us.ibm.com>
The core specification (http://openid.net/specs/openid-connect-core-1_0.html) incorrectly specifies that "application/x-www-form-urlencoded" form should be used for encoding query param values in a *URL*. Despite its name, application/x-www-form-urlencoded is only for the body of an HTTP request. The biggest different is in how PLUS and SPACE characters are encoded/decoded. The examples, however, actually encode SPACE correctly in a URL, using %20, rather than as '+' (if form encoding format were really being used).
In the examples that use POST to send params, application/x-www-form-urlencoded makes sense, but the examples show %20 used to encode SPACE, rather than '+'.
The scenario where this is most likely to cause a problem would be if a param value ever needed to contain a '+' character.
powered by cformsII<http://www.deliciousdays.com/cforms-plugin>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab