You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Despite the specification explicitly stating "This is an Authorization Framework" as of OAuth 2.0, some Authorization Server/Resource Server and many Client developers have been using this for the purpose of user authentication. In order to avoid the occurrence of vulnerabilities and the lack of interoperability, I hope to include the following sentences:
Clients should not (or must not) implement user authentication functionality using this framework.
If an Authorization server wants to provide user authentication functionality to a Client, it should refer to the expanded OIDC specification for that purpose.
The text was updated successfully, but these errors were encountered:
Despite the specification explicitly stating "This is an Authorization Framework" as of OAuth 2.0, some Authorization Server/Resource Server and many Client developers have been using this for the purpose of user authentication. In order to avoid the occurrence of vulnerabilities and the lack of interoperability, I hope to include the following sentences:
The text was updated successfully, but these errors were encountered: