<div dir="ltr"><div>One way or the other it should match up to OAuth 2.0 Multiple
Response Type Encoding Practices so as not to have inconsistencies in
the spec suite. <br><br></div>It's maybe better to not have a MUST or SHOULD here at all.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Jun 1, 2013 at 7:09 PM, Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>In the 2nd paragraph of </div><h3 style="font-family:helvetica,monaco,'MS Sans Serif',arial,sans-serif;color:rgb(51,51,51);background-color:transparent">
2.2.6.1. End-User Grants Authorization</h3>
<div>of Standard, it states: </div><div><br></div><span style="font-family:verdana,charcoal,helvetica,arial,sans-serif">Note that if the </span><tt style="color:rgb(0,51,102);font-family:'Courier New',Courier,monospace">response_type</tt><span style="font-family:verdana,charcoal,helvetica,arial,sans-serif"> parameter in the Authorization Request includes the string value </span><tt style="color:rgb(0,51,102);font-family:'Courier New',Courier,monospace">token</tt><span style="font-family:verdana,charcoal,helvetica,arial,sans-serif"> or </span><tt style="color:rgb(0,51,102);font-family:'Courier New',Courier,monospace">id_token</tt><span style="font-family:verdana,charcoal,helvetica,arial,sans-serif">, all response parameters SHOULD be added to the fragment component of the redirection URI. Otherwise, the response parameters are added to the query component of the redirection URI.</span><br clear="all">
<div><br></div><div>Is it SHOULD? Is it not MUST? </div><div>SHOULD means that it can be sent otherwise, e.g., as query string. </div><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br>Nat Sakimura (=nat)<div>
Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br></div>