Godwin Amila Shrimal created OLTU-204:
-----------------------------------------

             Summary: When responseType equal to "id_token" the resulting token is passed back as a query parameter
                 Key: OLTU-204
                 URL: https://issues.apache.org/jira/browse/OLTU-204
             Project: Apache Oltu
          Issue Type: Bug
            Reporter: Godwin Amila Shrimal


When responseType is equal to "id_token", the resulting token is passed back as a 
query parameter. This is incorrect, as the OpenID Connect specification says 
that it must be sent back as a URL fragment (i.e. following a hash instead of a 
question mark). See 
http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security for 
more information.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
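
A regression check for the behaviour reported above, added here as an example; it is not part of the issue and not Apache Oltu code. The function names, the client URI and the token value are constructed for illustration, and the encoding rule follows the default response modes in the specification linked in the report.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameters that must never travel in the query string of the redirect.
TOKEN_PARAMS = {"id_token", "access_token"}
# Response type values whose default encoding is the URL fragment.
FRAGMENT_TYPES = {"id_token", "token"}


def build_redirect(redirect_uri, response_type, params):
    """Encode authorization response params using the default response mode."""
    parts = urlsplit(redirect_uri)
    encoded = urlencode(params)
    if FRAGMENT_TYPES & set(response_type.split()):
        # Fragment encoding; a query already present on the redirect URI is kept.
        return urlunsplit(parts._replace(fragment=encoded))
    # "code" alone defaults to query encoding, merged with any existing query.
    query = "&".join(q for q in (parts.query, encoded) if q)
    return urlunsplit(parts._replace(query=query))


def tokens_in_query(location):
    """Return sorted token parameter names found in the query of a redirect."""
    query = urlsplit(location).query
    pairs = parse_qsl(query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k in TOKEN_PARAMS})


# Constructed sample values, not taken from the issue.
CLIENT_URI = "https://client.example/cb?tenant=a"
SAMPLE = {"id_token": "eyJ.constructed.sig", "state": "xyz"}
# Redirect shaped like the behaviour described in the report (token in query).
REPORTED = CLIENT_URI + "&" + urlencode(SAMPLE)
# Redirect with the token carried in the fragment.
EXPECTED = build_redirect(CLIENT_URI, "id_token", SAMPLE)

if __name__ == "__main__":
    print("reported:", REPORTED, tokens_in_query(REPORTED))
    print("expected:", EXPECTED, tokens_in_query(EXPECTED))
```

Running tokens_in_query over the Location header of each authorization response in an integration test flags any response type that puts a token where it reaches server logs and Referer headers.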
