Does it make sense to add:  "Other parameters MAY be sent."

The OpenID Authn request explicitly states this, and it's just clarifying.

- Mike


On 2017-10-03 08:17, Justin Richer wrote:

You can try to prevent it, but people would ignore that and do it
anyway in practice. :)

 -- Justin

On 10/2/2017 4:47 PM, Eve Maler wrote:

We're explicit about being able to extend JSON structures in Sec 1.1
of each spec, but that's almost a courtesy. (That dated from the era
of request messages all being in JSON, vs. our more OAuth-oriented
outlook now.) Can we even prevent adding extension parameters?

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Mon, Oct 2, 2017 at 10:32 PM, Mike Schwartz <mike@gluu.org>
wrote:

UMA Gurus,

https://docs.kantarainitiative.org/uma/ed/oauth-uma-federated-authz-2.0-07.html#rfc.section.4.1

[1]

Section 4.1 Resource Server Request to Permission Endpoint says
"it has the following parameters".

Can it have extra parameters?

The OpenID Connect Core authentication request spec says "Other
parameters MAY be sent."

- Mike

--
------------------------
Michael Schwartz
Gluu
Founder / CEO
mike@gluu.org
https://www.linkedin.com/in/nynymike/ [2]
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma [3]

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma

Links:
------
[1]
https://docs.kantarainitiative.org/uma/ed/oauth-uma-federated-authz-2.0-07.html#rfc.section.4.1
[2] https://www.linkedin.com/in/nynymike/
[3] https://kantarainitiative.org/mailman/listinfo/wg-uma

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma