[Openid-specs-ab] Issue #1190: prompt=create implicit example undefined behaviour? (openid/connect)

josephheenan issues-reply at bitbucket.org
Fri Sep 25 10:23:30 UTC 2020


New issue 1190: prompt=create implicit example undefined behaviour?
https://bitbucket.org/openid/connect/issues/1190/prompt-create-implicit-example-undefined

Joseph Heenan:

This example in the prompt=create spec:

‌

```
 GET /as/authorization.oauth2?response_type=token
     &client_id=example-client
     &state=XzZaJlcwYew1u0QBrRv_Gw
     &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Eorg%2Fcb
     &prompt=create
     &scope=openid%20profile HTTP/1.1
  Host: authorization-server.example.com
```

I think invokes undefined behaviour, as response\_type=token combined with scope=openid don’t have defined behaviour? It might be better to include id\_token in the response\_type.




More information about the Openid-specs-ab mailing list