oltu-dev mailing list archives

From "Antonio Sanso (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OLTU-204) When responseType equal to "id_token" the resulting token is passed back as a query parameter
Date Wed, 25 Oct 2017 13:12:01 GMT

     [ https://issues.apache.org/jira/browse/OLTU-204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso updated OLTU-204:
-------------------------------
    Labels: review  (was: )

> When responseType equal to "id_token" the resulting token is passed back as a query parameter
> ---------------------------------------------------------------------------------------------
>
>                 Key: OLTU-204
>                 URL: https://issues.apache.org/jira/browse/OLTU-204
>             Project: Apache Oltu
>          Issue Type: Bug
>            Reporter: Godwin Amila Shrimal
>              Labels: review
>
> When responseType is equal to "id_token", the resulting token is passed back as a query parameter.
> This is incorrect, as the OpenID Connect specification says that it must be sent back as a
> URL fragment (i.e. following a hash instead of a question mark). See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
> for more information.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
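
The encoding rule the report refers to, as an added example that is not part of the original message and not Apache Oltu code: a response type containing "token" or "id_token" is returned in the fragment by default, "code" in the query, and a small check flags a redirect that carries a token in its query string. The class and method names, the client.example redirect URI and the token and state values are constructed for illustration; the code assumes Java 10 or later.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class ResponseEncodingCheck {
    // Default encoding per "OAuth 2.0 Multiple Response Type Encoding Practices":
    // response types containing "token" or "id_token" use the fragment, "code" and "none" the query.
    static boolean usesFragment(String responseType) {
        List<String> types = Arrays.asList(responseType.trim().split("\\s+"));
        return types.contains("token") || types.contains("id_token");
    }

    static String buildRedirect(String redirectUri, String responseType, Map<String, String> params) {
        if (redirectUri.indexOf('#') >= 0) {
            throw new IllegalArgumentException("redirect_uri must not contain a fragment");
        }
        StringJoiner form = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            form.add(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        if (usesFragment(responseType)) {
            return redirectUri + "#" + form;
        }
        return redirectUri + (redirectUri.indexOf('?') >= 0 ? "&" : "?") + form;
    }

    // Regression check: true if a token-bearing parameter appears in the query string.
    static boolean tokenInQuery(String location) {
        String query = URI.create(location).getRawQuery();
        if (query == null) return false;
        for (String pair : query.split("&")) {
            String name = pair.split("=", 2)[0];
            if (name.equals("id_token") || name.equals("access_token")) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens or endpoints.
        Map<String, String> p = new LinkedHashMap<>();
        p.put("id_token", "eyJ.constructed.sample");
        p.put("state", "af0ifjsldkj");
        String good = buildRedirect("https://client.example/cb", "id_token", p);
        String bad = "https://client.example/cb?id_token=eyJ.constructed.sample&state=af0ifjsldkj";
        System.out.println(good + " -> tokenInQuery=" + tokenInQuery(good));
        System.out.println(bad + " -> tokenInQuery=" + tokenInQuery(bad));
    }
}
```

Run against the two sample redirects, the check reports `false` for the fragment-encoded response and `true` for the query-encoded one, which is the behaviour the issue describes.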
