On Thu, May 4, 2017 at 2:41 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
> Hi All, > > This is in relation to issue [1] which happened when we issue ID_token for > client credentials grant. > > Client credentials grant type is not really a part of OpenID Connect > specification, as it only mentions of authorization code grant flow(Basic > Profile) and implicit grant flow (Implicit profile), and hybrid flow. > This is an additional thing when we issue id_token for client credentials > grant. > > Also this does not make much sense when we issue an ID_token to an > application which is presented in client credentials grant. > In my opinion we should get rid of this, if noone is currently using it. > Appreciate your inputs. > Also OpenID Connect specification does not talk about issuing ID_token for password grant type as well. Apart from specification POV issuing ID_token for password grant type is not logically wrong. Issuing ID_token for client credentials grant type is logically wrong hence +1 to remove the functionality. > > [1] - https://wso2.org/jira/browse/IDENTITY-4915 > > Thanks, > -- > Pushpalanka. > -- > Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). > Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ > Mobile: +94779716248 > Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/ > pushpalanka/ | Twitter: @pushpalanka > > -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
