[Openid-specs-mobile-profile] Issue #123: CIBA: hint and hint_type (openid/mobile)
Takahiko Kawasaki
issues-reply at bitbucket.org
Wed Nov 28 11:24:09 UTC 2018
New issue 123: CIBA: hint and hint_type
https://bitbucket.org/openid/mobile/issues/123/ciba-hint-and-hint_type
Takahiko Kawasaki:
This may be too late to suggest, but I'm feeling that `hint` and `hint_type` request parameters would be better than having a different request parameter per hint type.
The current spec has three request parameters, `login_hint_token`, `id_token_hint` and `login_hint`. They represent hints and they must not coexist in a backchannel authentication request.
My suggestion is to abolish the three request parameters and define new `hint` and `hint_type` request parameters as follows:
| name | description |
|:--|:--|
|`hint`|An arbitrary string. Its format depends on `hint_type`.|
|`hint_type`|`id_token`, etc.|
By adopting this style, we can:
1. make it easy for implementations **to ensure that multiple hints are not included in a backchannel authentication request**,
2. get flexibility in defining and adding hint types,
3. avoid adding a new request parameter every time a new hint type is invented in the future, and
4. move detailed hint-type-specific descriptions to other section or to other separate spec documents.
See also my comment added to Issue #71 (CIBA hint validation clarification).
More information about the Openid-specs-mobile-profile
mailing list