[Openid-specs-mobile-profile] Issue #139: unexpected language requiring clients to call token endpoint after receiving a callback (openid/mobile)

Joseph Heenan issues-reply at bitbucket.org
Fri Dec 14 12:49:50 UTC 2018


New issue 139: unexpected language requiring clients to call token endpoint after receiving a callback
https://bitbucket.org/openid/mobile/issues/139/unexpected-language-requiring-clients-to

Joseph Heenan:

10.2. Ping Callback says:

> For valid requests, the Client MUST use the received auth_req_id to make a Token Request using the Backchannel Request Grant Type to the Token Endpoint as described in Token Request Using Backchannel Request Grant Type.

To me, this says that the client MUST call the token endpoint, even if it is no longer interested in the result of the authentication. I am not sure if that was intended?



