[Openid-specs-mobile-profile] Issue #208: types of several values in Authentication Request not defined (openid/mobile)
josephheenan
issues-reply at bitbucket.org
Mon Sep 12 01:13:17 UTC 2022
New issue 208: types of several values in Authentication Request not defined
https://bitbucket.org/openid/mobile/issues/208/types-of-several-values-in-authentication
Joseph Heenan:
In this section:
[https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1\_0.html#rfc.section.7.1](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1)
The types for several values seem to be left unstated. This probably doesn’t matter too much in unsigned requests, but does matter in signed requests.
For example, `login_hint` is presumably intended to be a string value. \(The [draft Brazil CIBA spec](https://github.com/OpenBanking-Brasil/specs-seguranca/blob/main/open-banking-brasil-financial-api-CIBA-1_ID1.md#resource-owner-identity-hint-mechanisms) appears to define it as a JSON object instead.\)
More information about the Openid-specs-mobile-profile
mailing list