[Openid-specs-fapi] Issue #149: Make it clear that the entire flow is OIDC Hybrid Flow (openid/fapi)

Nat Sakimura issues-reply at bitbucket.org
Wed Jul 4 07:53:48 UTC 2018


New issue 149: Make it clear that the entire flow is OIDC Hybrid Flow
https://bitbucket.org/openid/fapi/issues/149/make-it-clear-that-the-entire-flow-is-oidc

Nat Sakimura:

It was pointed out to me that this was not clear, as stated below:

The flow is explicitly stated to be a "profile of The OAuth 2.0
Authorization Framework" (section 5.2.1 of profile 2), which does not
have a hybrid flow. The behavior of the AS in the rw-flow is inherited
from the AS of the r-flow, which is an OAuth 2.0 profile. As we see
it, in the case of an r-flow, the AS only returns an id token if the
scope contains openid. Therefore, we assumed that this also holds true
for the rw-flow.



