[Openid-specs-mobile-profile] Issue #137: language in token response may appear to override iidcc (openid/mobile)

Joseph Heenan issues-reply at bitbucket.org
Fri Dec 14 12:37:08 UTC 2018


New issue 137: language in token response may appear to override iidcc
https://bitbucket.org/openid/mobile/issues/137/language-in-token-response-may-appears-to

Joseph Heenan:

10.1.1. Successful Token Response says:

> After receiving and validating a valid and authorized Token Request from the Client and when the end-user associated with the supplied auth_req_id has been authenticated and has authorized the request, the OpenID Provider returns a successful response that includes an ID Token, an Access Token and optionally a Refresh Token as specified in Section 3.1.3.3 of [OpenID.Core]. 

I'm not sure if it's deliberate, but this implies to me that the scope parameter (as defined in https://tools.ietf.org/html/rfc6749#section-5.1 ) cannot be returned.



