<div dir="ltr"><div dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jan 1, 2023 at 7:42 AM Torsten Lodderstedt via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;"><br><div>The new revision makes SIOPv2 compatible with JAR, i.e. the authorization request MUST no longer contain all request parameters but only the client_id and the request/request_uri parameter.<br></div></div></blockquote><div><br></div><div>Should the example at <a href="https://openid.net/specs/openid-connect-self-issued-v2-1_0-12.html#section-5-5">https://openid.net/specs/openid-connect-self-issued-v2-1_0-12.html#section-5-5</a> (that has nonce, scope, and response_type) be updated to reflect that? <br></div><div><br></div><div><br></div><div><pre>    response_type=id_token
    &client_id=https%3A%2F%<a href="http://2Fclient.example.org">2Fclient.example.org</a>%2Fcb
    &request_uri=https%3A%2F%<a href="http://2Fclient.example.org">2Fclient.example.org</a>%2Frequest
    &scope=openid
    &nonce=n-0S6_WzA2Mj</pre></div></div></div>

<br>
<i style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:rgb(255,255,255);font-family:proxima-nova-zendesk,system-ui,-apple-system,system-ui,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;color:rgb(85,85,85)"><span style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:transparent;font-family:proxima-nova-zendesk,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;font-weight:600"><font size="2">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.</font></span></i>