<div dir="ltr"><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">What about this? </dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif"><br></dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">
login_hint</dt><dd style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">OPTIONAL. A string that the client MUST send as login_hint parameter value of the authorization request.</dd><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">
iss</dt><dd style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">OPTIONAL. Issuer Identifier for the Issuer that the Client is to send the authentication request to. Its value MUST be a URL using the <tt style="color:rgb(0,51,102);font-family:'Courier New',Courier,monospace">https </tt>scheme.</dd>
<dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">target_link_uri</dt><dd style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">OPTIONAL. URI of the target resource. After receiving a positive authorization response, the Client SHOULD redirect the user-agent to this URI. Clients MUST verify the value of the <tt style="color:rgb(0,51,102);font-family:'Courier New',Courier,monospace">target_link_uri</tt> to prevent it being used as an open redirector to external sites.</dd>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/20 Brian Campbell <span dir="ltr"><<a href="mailto:bcampbell@pingidentity.com" target="_blank">bcampbell@pingidentity.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><dl><dt>The text says login_hint is required but then ends the description with "(if necessary)" which reads kind of awkwardly (to me anyway).</dt><dt><br></dt><dt>Also it says it's a "hint to the Authorization Server" but this section is defining a client endpoint. Shouldn't it say what the client is supposed to do with it? I presume it should just pass it along verbatim to the AS using the parameter of the same name. But the text here should probably say as much, no? </dt>
</dl><p>And why is login_hint required? It seems quite possible that the AS or other party (a static HTML page of links, for example) wouldn't know enough to populate that field at the point of sending a Login Initiation Request. </p>
</div><div>from <a href="http://openid.net/specs/openid-connect-standard-1_0-21.html#client_Initiate_login" target="_blank">http://openid.net/specs/openid-connect-standard-1_0-21.html#client_Initiate_login</a><dl><dt>"login_hint</dt>
<dd>REQUIRED.
Hint to the Authorization Server
about the login identifier the End-User might use to log in (if necessary)."</dd></dl><br></div><div><br><br></div></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>
</div>