[Openid-specs-fapi] Issue #347: reject vs ignore on plain (or outside PAR) authorization request parameters (openid/fapi)
panva
issues-reply at bitbucket.org
Thu Nov 19 18:41:45 UTC 2020
New issue 347: reject vs ignore on plain (or outside PAR) authorization request parameters
https://bitbucket.org/openid/fapi/issues/347/reject-vs-ignore-on-plain-or-outside-par
Filip Skokan:
> 5. shall reject authorization requests sent without \[@I-D.lodderstedt-oauth-par\] or authorization request parameters sent outside of the PAR request, except for `request_uri` and `client_id`
Is ignoring parameters outside of PAR as defined by JAR/PAR not sufficient? This is introducing yet another splinter of already so fractured specification family.
More information about the Openid-specs-fapi
mailing list