[Openid-specs-fapi] Issue #80: Token Response (openid/fapi)

Pamela Dingle issues-reply at bitbucket.org
Thu Mar 23 11:50:05 UTC 2017


New issue 80: Token Response
https://bitbucket.org/openid/fapi/issues/80/token-response

Pamela Dingle:

In section 5.2.2 of the read-only spec, there is a bullet that says "shall return the token response as defined in 4.1.4 of [RFC6749]". If the only point in this bullet is to require the implementer to follow the RFC 6749 spec, then you should really have a bullet like this for every section of 6749. Was there some particular thing that the spec writers wanted to ensure with this bullet?

If the goal was to ensure that non-conformant token responses are not accepted, perhaps you could say that the Authorization Server "shall only return token responses that conform to section 4.1.4 of [RFC6749]"?



