Does it make sense to add: "Other parameters MAY be sent."
The OpenID Authn request explicitly states this, and it's just clarifying.
- Mike
On 2017-10-03 08:17, Justin Richer wrote:
You can try to prevent it, but people would ignore that and do it
anyway in practice. :)
-- Justin
On 10/2/2017 4:47 PM, Eve Maler wrote:
We're explicit about being able to extend JSON structures in Sec 1.1https://docs.kantarainitiative
of each spec, but that's almost a courtesy. (That dated from the era
of request messages all being in JSON, vs. our more OAuth-oriented
outlook now.) Can we even prevent adding extension parameters?
Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Mon, Oct 2, 2017 at 10:32 PM, Mike Schwartz <mike@gluu.org>
wrote:
UMA Gurus,
.org/uma/ed/oauth-uma- federated-authz-2.0-07.html# rfc.section.4.1
[1]
Section 4.1 Resource Server Request to Permission Endpoint says
"it has the following parameters".
Can it have extra parameters?
The OpenID Connect Core authentication request spec says "Other
parameters MAY be sent."
- Mike
--
------------------------
Michael Schwartz
Gluu
Founder / CEO
mike@gluu.org
https://www.linkedin.com/in/nynymike/ [2]
_______________________________________________ https://kantarainitiative.org/
WG-UMA mailing list
WG-UMA@kantarainitiative.org
mailman/listinfo/wg-uma [3]
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma
Links:
------
[1]
https://docs.kantarainitiative.org/uma/ed/oauth-uma- federated-authz-2.0-07.html# rfc.section.4.1
[2] https://www.linkedin.com/in/nynymike/
[3] https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma