Excellent, now you have put your finger on the precise issue with OIDC -
lots of optional extensions and shiny trinkets and lack of a clear
definition of a core subset
for servers.
I realize its exciting for consultants, software and toolkit vendors to
have that sort of optionality, but in practice, its NOT A GOOD THING in
a protocol.
[quote]
It is a bit like saying an 18 wheeler is suitable for driving the
kids to school. :-)
I don't think this is true. Most oidc oauth extensions are optional
with the sole requirement that providers don't barf if you send them.
[\quote]
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth