[Openid-specs-mobile-profile] Issue #133: binding_message uses possibly undefined "plain text" term (openid/mobile)

Joseph Heenan issues-reply at bitbucket.org
Fri Dec 14 11:44:21 UTC 2018


New issue 133: binding_message uses possibly undefined "plain text" term
https://bitbucket.org/openid/mobile/issues/133/binding_message-uses-possibly-undefined

Joseph Heenan:

The binding_message definition says:

> Because the devices may have limited display abilities and the message is intending for visual inspection by the end-user, the binding_message value SHOULD be relatively short and use a limited set of plain text characters.

I'm not sure how "plain text characters" is defined in this context. https://tools.ietf.org/html/rfc7994 defines it to contain tabs, newlines, etc. and any valid Unicode code point, which I don't think was the intention.

I'm unclear whether the intention was to allow (say) the use of kanji.

I'm presuming the OP should probably reject the authentication request with an error if it can't display the given binding message; this should perhaps be explicitly mentioned.
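
An added sketch, not part of the original message or of the specification: it contrasts the broad reading of "plain text" mentioned above with an OP-side check that refuses a binding_message the authentication device cannot display. The length limit, the two device profiles and the sample messages are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: the quoted text only says "relatively short"; 20 is a constructed limit.
MAX_CHARS = 20

def broad_plain_text(msg):
    """Broad reading from the message: tabs, newlines and any valid code point pass."""
    return all(not 0xD800 <= ord(ch) <= 0xDFFF for ch in msg)  # lone surrogates are invalid

def ascii_only(ch):
    """Hypothetical device profile: printable ASCII only."""
    return 0x20 <= ord(ch) <= 0x7E

def ascii_and_cjk(ch):
    """Hypothetical device profile: printable ASCII plus kanji and kana."""
    name = unicodedata.name(ch, "")
    return ascii_only(ch) or name.startswith(
        ("CJK UNIFIED IDEOGRAPH", "HIRAGANA LETTER", "KATAKANA LETTER"))

def check_binding_message(msg, can_render):
    """Return the reasons the OP cannot show msg; an empty list means displayable."""
    problems = []
    if len(msg) > MAX_CHARS:
        problems.append("too long")
    for ch in msg:
        if unicodedata.category(ch) in ("Cc", "Cf"):
            # Tabs, newlines and invisible format characters do not survive
            # visual comparison by the end-user.
            problems.append(f"control/format character U+{ord(ch):04X}")
        elif not can_render(ch):
            problems.append(f"not renderable U+{ord(ch):04X}")
    return problems

def decide(msg, can_render):
    """Reject the authentication request when the message cannot be displayed."""
    return "reject" if check_binding_message(msg, can_render) else "accept"

if __name__ == "__main__":
    # Constructed sample binding messages.
    for sample in ["W4SCT", "確認 W4SCT", "W4SCT\tOK\n"]:
        print(repr(sample), broad_plain_text(sample),
              decide(sample, ascii_only), decide(sample, ascii_and_cjk))
```

All three samples satisfy the broad reading, yet the kanji message is displayable only under the second profile and the tab/newline message under neither, which is the gap the issue points at.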



