You're assuming that the user actually took an action to get to that
page. It's trivial for a website, any website, to craft a URL and
redirect a user to the IdP. I could give you a link here in this email
hidden behind a URL shortener or some other redirector. It would be very
bad practice to
Hi Justin
It helps, many thanks. I understand why 'MUST' is there now...
Cheers, Sergey
On 21/10/15 14:37, Justin Richer wrote:
You're assuming that the user actually took an action to get to that
page. It's trivial for a website, any website, to craft a URL and
redirect a user to the IdP. I
This was discussed extensively and is covered in the text of the RFC, but the
summary is simple: the request isn’t a bad request (which is what 400 means).
It’s a perfectly valid request, it’s just that the token you’re asking about
might not be valid for some reason, or it might not be valid
> -Original Message-
> From: Jim Schaad [mailto:i...@augustcellars.com]
> Sent: Wednesday, October 21, 2015 3:33 PM
> To: 'o...@ietf.org'
> Cc: 'j...@ietf.org'
> Subject: RE: [jose] Cross group Working Group Last Call -
draft-ietf-jose-jws-
>
Hi
I can not subscribe to an OIDC spec list, had some earlier questions not
flowing to the list and given I'm not sure this question is irrelevant
for this group (OIDC IDP is an OAuth2 server), I'm posting it here. If
you'd like me to re-post to the OIDC list then let me know
please...Sorry
Yes, nice job!
Sent from my iPhone
> On Oct 21, 2015, at 4:20 AM, Hannes Tschofenig
> wrote:
>
> Thank you Justin for the hard work!
>
>> On 10/20/2015 06:32 PM, Justin Richer wrote:
>> Thank you to everyone who helped make token introspection into a real
>>
Thank you Justin for the hard work!
On 10/20/2015 06:32 PM, Justin Richer wrote:
> Thank you to everyone who helped make token introspection into a real
> standard!
>
> — Justin
>
>> On Oct 19, 2015, at 6:56 PM, rfc-edi...@rfc-editor.org wrote:
>>
>> A new Request for Comments is now