[Openid-specs-igov] Assurance Profile for OAuth or OIDC
Justin Richer
jricher at mit.edu
Thu Oct 5 18:30:00 UTC 2017
The examples were pulled from a document that was originally focused on OIDC and run against an OIDC server. The scope of the document should not change — it’s an OAuth2 profile — but the examples can probably be cleaned up to be more specific. Feel free to submit edits to do just that!
— Justin
> On Oct 4, 2017, at 6:27 PM, Phil Hunt via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
>
> For the draft openid-igov-oauth2, I am finding it confusing because the examples are all OIDC based rather than OAuth2 as per the document title.
>
> For example, Section 2.1.1 talks about using the “state" parameter and then uses an OIDC example without a state parameter but with “nonce" instead.
>
> Is the intent to cover OIDC and plain OAuth or both? Or should the draft be entitled Profile for OIDC?
>
> Perhaps some more explanatory text and/or examples for both types should be included?
>
> Regards,
>
> Phil
>
> Oracle Corporation, Identity Cloud Services Architect
> @independentid
> www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
> _______________________________________________
> Openid-specs-igov mailing list
> Openid-specs-igov at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-igov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-igov/attachments/20171005/0e44d9d4/attachment.html>
More information about the Openid-specs-igov
mailing list