[Openid-specs-native-apps] AppInfo endpoint
Paul Madsen
paul.madsen at gmail.com
Mon Sep 29 23:09:06 UTC 2014
inline
On 9/29/14, 3:03 PM, John Bradley wrote:
> Inline
> On Sep 29, 2014, at 1:23 PM, Emily Xu <exu at vmware.com> wrote:
>
>> I have a couple of questions related to NAPPS AppInfo endpoint.
>>
>> 1. In Section 7.2.1, it says "Access Token obtained from an OpenID
>> Connect Authorization Request". I assume it means the access_token
>> should contain "openid" in scope. Is it correct?
>
> The format of access tokens issued by the Authorization endpoint for
> the AppInfo endpoint is unspecified, as the AppInfo endpoint and the
> AS are tightly related and the tokens are opaque to the client.
>
> The Authorization request MUST have "openid" in the scopes requested.
> It is however up to the AS to decide if that needs to be indicated in
> the access token.
>
>>
>> 2. In Section 7.2.2, it says
>> "apps
>> REQUIRED (Array). One or more JSON objects containing claims about
>> applications that the /TA/ can provide tokens or web boot-strap uri for."
>>
>> Any reason it must be "One or more" instead of "Zero or more"? If
>> there are zero apps authorized for this particular user, what should
>> the response be?
>
> OK, good point: if there are no apps then it would be an empty array.
> I suspect that was a holdover from the TA validating the bundleid
> directly, as the TA wouldn't have had much to do with zero apps.
If the user is authorized for *no* apps, then why would the AS return
tokens to the TA in the first place?
>
> I will make that change.
>
> John B.
>>
>> Thanks,
>> Emily
>> _______________________________________________
>> Openid-specs-native-apps mailing list
>> Openid-specs-native-apps at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-native-apps