[Openid-specs-fapi] Issue #304: Are duplicates of the response_type, client_id, and scope values necessary when using PAR? (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Wed Aug 5 18:49:26 UTC 2020
New issue 304: Are duplicates of the response_type, client_id, and scope values necessary when using PAR?
https://bitbucket.org/openid/fapi/issues/304/are-duplicates-of-the-response_type
Joseph Heenan:
Part 2 currently says:
> shall additionally send duplicates of the `response_type`, `client_id`, and `scope` parameters/values using the OAuth 2.0 request syntax as required by the OAuth and OpenID Connect specifications;
Should this have a “if not using request\_uri” qualification? It seems unnecessary to send these if using PAR, given PAR is an IETF spec and can remove \(/has removed\) the underlying OAuth2 requirement for the duplicates.
More information about the Openid-specs-fapi
mailing list