Perfect, and really good info! But most people, if we need to worry about the audience, are not going to put that together. They just read "OAUTH". It's not a deal breaker, but if the document is going to be easy to read and keep confusion to a minimum... then it would be nice if it addressed concepts like this that might seem obvious to you.
Granted, I am coming at this from a consultant perspective who works with a lot of companies who have architects that barely understand these technologies, but are implementing them for the enterprise.

-Jared
Skype:jaredljennings Signal:+1 816.730.9540 WhatsApp: +1 816.678.4152

On Wed, Mar 18, 2020 at 7:55 AM Justin Richer <jric...@mit.edu> wrote:
> OpenID Connect is based on OAuth 2.0, not on OAuth 2.1. Therefore, it
> would not be affected at all, whether through the hybrid or implicit flows.
>
> If OIDC pushes a revision to OAuth 2.1, then it would be bound by the
> features of OAuth 2.1 and would need to contend with that. But until that
> happens, everything we do with OAuth 2.1 has literally no effect on OAuth
> 2.0 systems, including OIDC.
>
> — Justin