[Openid-specs-fapi] Issue #347: reject vs ignore on plain (or outside PAR) authorization request parameters (openid/fapi)

panva issues-reply at bitbucket.org
Thu Nov 19 18:41:45 UTC 2020


New issue 347: reject vs ignore on plain (or outside PAR) authorization request parameters
https://bitbucket.org/openid/fapi/issues/347/reject-vs-ignore-on-plain-or-outside-par

Filip Skokan:

> 5. shall reject authorization requests sent without \[@I-D.lodderstedt-oauth-par\] or authorization request parameters sent outside of the PAR request, except for `request_uri` and `client_id`

Is ignoring parameters outside of PAR as defined by JAR/PAR not sufficient? This is introducing yet another splinter of already so fractured specification family.




More information about the Openid-specs-fapi mailing list