Hi All,

While trying out the OAuth 2.0 authorization code grant type with Google, I got the following response to my registered redirect_uri.

https://localhost:9000/app_uri?*state*=caf324471khs872&%20*code* =4/5wFzvDar86R-AJWCIE&%20*scope*=profile%20openid%20 https://www.googleapis.com/auth/userinfo.profile&%20*authuser*=0&%20*prompt* =consent

As per the RFC6749 section 4.1.2, the authorization response from the authorization endpoint only includes code and state.

Appreciate if you can share any insights on why Google adds scope, authuser and prompt parameters to the response, which are not in the OAuth 2.0 RFC - and do we consider those additional parameters as a violation of the RFC6749?

Thanks!
-Alex
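RFC 6749 section 4.1.2 also states that the client MUST ignore unrecognized response parameters. A client-side handler for a redirect like the one quoted above, as an added example that is not part of the original post; the function name, the exception class and the cleaned-up sample URL are assumptions made for illustration:

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Parameters RFC 6749 defines for the authorization response
# (section 4.1.2 for success, section 4.1.2.1 for errors).
SUCCESS_PARAMS = {"code", "state"}
ERROR_PARAMS = {"error", "error_description", "error_uri", "state"}


class AuthorizationResponseError(Exception):
    """Hypothetical exception type for a rejected authorization response."""


def parse_authorization_response(redirect_url, expected_state):
    """Return (code, ignored): the authorization code and the sorted names
    of extension parameters that were present but not acted on."""
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    # RFC 6749 section 3.1: parameters must not be included more than once.
    for name in SUCCESS_PARAMS | ERROR_PARAMS:
        if len(params.get(name, [])) > 1:
            raise AuthorizationResponseError(f"duplicate parameter: {name}")

    # Bind the response to the request this client started (CSRF defence).
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise AuthorizationResponseError("state mismatch")

    if "error" in params:
        raise AuthorizationResponseError(f"server error: {params['error'][0]}")

    code = params.get("code", [""])[0]
    if not code:
        raise AuthorizationResponseError("missing code")

    # Everything else (scope, authuser, prompt, ...) is ignored, not rejected.
    ignored = sorted(set(params) - SUCCESS_PARAMS)
    return code, ignored


# Constructed sample: the response from the post with the mail formatting removed.
SAMPLE = ("https://localhost:9000/app_uri?state=caf324471khs872"
          "&code=4/5wFzvDar86R-AJWCIE"
          "&scope=profile%20openid%20https://www.googleapis.com/auth/userinfo.profile"
          "&authuser=0&prompt=consent")

if __name__ == "__main__":
    print(parse_authorization_response(SAMPLE, "caf324471khs872"))
```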
