<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Inline<br><div><div>On Sep 29, 2014, at 8:09 PM, Paul Madsen <<a href="mailto:paul.madsen@gmail.com">paul.madsen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000">
<font size="+1"><font face="Arial">inline</font></font><br>
<div class="moz-cite-prefix">On 9/29/14, 3:03 PM, John Bradley
wrote:<br>
</div>
<blockquote cite="mid:19914753-1994-4907-99B8-49284E236EA2@ve7jtb.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
Inline<br>
<div>
<div>On Sep 29, 2014, at 1:23 PM, Emily Xu <<a moz-do-not-send="true" href="mailto:exu@vmware.com">exu@vmware.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; font-size: 14px;
font-family: Calibri, sans-serif;">
<div>I have a couple of questions related to NAPPS AppInfo
endpoint.</div>
<div><br>
</div>
<div>1. In Section 7.2.1, it says "Access Token obtained
from an OpenID Connect Authorization Request". I assume it
means the access_token should contain "openid" in scope.
Is it correct?</div>
</div>
</blockquote>
<div><br>
</div>
The format of access tokens issued by the Authorization endpoint
for the AppInfo endpoint is unspecified, as the AppInfo endpoint
and the AS are tightly related and the tokens are opaque to the
client.</div>
<div><br>
</div>
<div>The Authorization request MUST have "openid" in the scopes
requested. It is however up to the AS to decide if that needs
to be indicated in the access token.</div>
<div><br>
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; font-size: 14px;
font-family: Calibri, sans-serif;">
<div><br>
</div>
<div>2. In Section 7.2.2, it says</div>
<div> "apps</div>
<div>REQUIRED (Array). One or more JSON objects containing
claims about applications that the
<em>TA</em> can provide tokens or web boot-stap uri for."</div>
</div>
</blockquote>
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; font-size: 14px;
font-family: Calibri, sans-serif;">
<div><br>
</div>
<div>Any reason it must be "One or more" instead of "Zero or
more"? If there is zero app authorized for this particular
user, what the response should be?</div>
</div>
</blockquote>
<div><br>
</div>
OK Good point if there are no apps then it would be an empty
array. I suspect that was a hold over from the TA validating
the bundleid directly as the TA woulden't have had much to do
with zero apps.</div>
</blockquote>
if the user is authorized for *no* apps, then why would the AS
return tokens to the TA in the first place?<br></div></blockquote><div><br></div>The AS wouldn't</div><div><br></div><div>The problem was that the Appinfo endpoint description of the list of apps implied that there would be at least one in the array. </div><div><br></div><div>There might be zero apps listed for the TA. </div><div><br></div><div>Also because an app is listed in the app_info endpoint, doesn't guarantee that the AS will issue a token at any particular point in time.</div><div><br></div><div>The TA can try to get a token from the AS anyway, by sending the bundleID.</div><div><br></div><div><br></div><div>John B.<br><blockquote type="cite"><div bgcolor="#FFFFFF" text="#000000">
<blockquote cite="mid:19914753-1994-4907-99B8-49284E236EA2@ve7jtb.com" type="cite">
<div><br>
</div>
<div>I will make that change.</div>
<div><br>
</div>
<div>John B.<br>
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; font-size: 14px;
font-family: Calibri, sans-serif;">
<div><span style="text-align: left; "><br>
</span></div>
<div><span style="text-align: left; ">Thanks,</span></div>
<div><span style="text-align: left; ">Emily</span></div>
</div>
_______________________________________________<br>
Openid-specs-native-apps mailing list<br>
<a moz-do-not-send="true" href="mailto:Openid-specs-native-apps@lists.openid.net">Openid-specs-native-apps@lists.openid.net</a><br>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-native-apps">http://lists.openid.net/mailman/listinfo/openid-specs-native-apps</a><br>
</blockquote>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-native-apps mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-native-apps@lists.openid.net">Openid-specs-native-apps@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-native-apps">http://lists.openid.net/mailman/listinfo/openid-specs-native-apps</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br></body></html>