[Openid-specs-fapi] What does "When a pure OAuth 2.0 is used" mean? (Part 2 / 7.3 / 6 / the 3rd item)
daru.tk at gmail.com
Thu Feb 8 15:40:17 UTC 2018
*> FAPI Part 2, 7.3 Successful response, 6, the 3rd item:*
*> iss : A JSON string that represents the issuer identifier of the
authorization server as defined in RFC7519. When a pure OAuth 2.0 is used,
the value is the redirection URI. When OpenID Connect is used, the value is
the issuer value of the authorization server.*
What does *"When a pure OAuth 2.0 is used"* mean? Does it mean *"when the
request object registration request is a pure OAuth 2.0 request"*? Or does
it mean *"when the authorization server is configured as a pure OAuth 2.0
server"*? Or else?
In addition, regarding *"the value is the redirection URI"*, how can the
authorization server determine the redirection URI when multiple
redirection URIs are registered?
Likewise, what does *"When OpenID Connect is used"* mean?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi