Does it make sense to add: "Other parameters MAY be sent." The OpenID Authn request explicitly states this, and it's just clarifying. - Mike On 2017-10-03 08:17, Justin Richer wrote:
You can try to prevent it, but people would ignore that and do it anyway in practice. :)
-- Justin
On 10/2/2017 4:47 PM, Eve Maler wrote:
We're explicit about being able to extend JSON structures in Sec 1.1 of each spec, but that's almost a courtesy. (That dated from the era of request messages all being in JSON, vs. our more OAuth-oriented outlook now.) Can we even prevent adding extension parameters?
Eve Maler Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Mon, Oct 2, 2017 at 10:32 PM, Mike Schwartz <mike@gluu.org> wrote:
UMA Gurus,
https://docs.kantarainitiative.org/uma/ed/oauth-uma-federated-authz-2.0-07.h...
[1]
Section 4.1 Resource Server Request to Permission Endpoint says "it has the following parameters".
Can it have extra parameters?
The OpenID Connect Core authentication request spec says "Other parameters MAY be sent."
- Mike
-- ------------------------ Michael Schwartz Gluu Founder / CEO mike@gluu.org https://www.linkedin.com/in/nynymike/ [2] _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma [3]
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
Links: ------ [1] https://docs.kantarainitiative.org/uma/ed/oauth-uma-federated-authz-2.0-07.h... [2] https://www.linkedin.com/in/nynymike/ [3] https://kantarainitiative.org/mailman/listinfo/wg-uma