We're explicit about being able to extend JSON structures in Sec 1.1 of
each spec, but that's almost a courtesy. (That dated from the era of
request messages all being in JSON, vs. our more OAuth-oriented outlook
now.) Can we even prevent adding extension parameters?
*Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Mon, Oct 2, 2017 at 10:32 PM, Mike Schwartz
UMA Gurus,
https://docs.kantarainitiative.org/uma/ed/oauth-uma- federated-authz-2.0-07.html#rfc.section.4.1
Section 4.1 Resource Server Request to Permission Endpoint says "it has the following parameters".
Can it have extra parameters?
The OpenID Connect Core authentication request spec says "Other parameters MAY be sent."
- Mike
-- ------------------------ Michael Schwartz Gluu Founder / CEO mike@gluu.org https://www.linkedin.com/in/nynymike/ _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma