[jira] [Assigned] (OLTU-204) When responseType equal to "id_token" the resulting token is passed back as a query parameter

Simone Tripodi (JIRA) Wed, 25 Oct 2017 06:38:15 -0700

     [ 
https://issues.apache.org/jira/browse/OLTU-204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Simone Tripodi reassigned OLTU-204:
-----------------------------------

    Assignee: Antonio Sanso

> When responseType equal to "id_token" the resulting token is passed back as a 
> query parameter
> ---------------------------------------------------------------------------------------------
>
>                 Key: OLTU-204
>                 URL: https://issues.apache.org/jira/browse/OLTU-204
>             Project: Apache Oltu
>          Issue Type: Bug
>            Reporter: Godwin Amila Shrimal
>            Assignee: Antonio Sanso
>              Labels: review
>
> When responseType equal to "id_token" the resulting token is passed back as a 
> query parameter. This is incorrect as the OpenID Connect specification says 
> that it must be sent back as a URL fragment (i.e. following hash instead of 
> question mark). See 
> http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security 
> for more information.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Assigned] (OLTU-204) When responseType equal to "id_token" the resulting token is passed back as a query parameter

Reply via email to