From bfe6cd28170de90b937eef986782cec0960e9a6a Mon Sep 17 00:00:00 2001 From: Bobby Rullo Date: Thu, 3 Sep 2015 09:56:48 -0700 Subject: [PATCH] Documentation: remove outdated TLS info --- Documentation/oidc-notes.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/Documentation/oidc-notes.md b/Documentation/oidc-notes.md index 02fdce6d67..4aec15dda0 100644 --- a/Documentation/oidc-notes.md +++ b/Documentation/oidc-notes.md @@ -14,9 +14,6 @@ Sec. 2. [ID Token](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) Sec. 3. [Authentication](http://openid.net/specs/openid-connect-core-1_0.html#Authentication) - Only the authorization code flow (where `response_type` is `code`) is supported. -Sec. 3.1.2. [Authorization Endpoint](http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint) -- In a production system TLS is required but the dex web-server only supports HTTP right now - it is expected that until HTTPS is supported, TLS termination will be handled outside of dex. - Sec. 3.1.2.1. [Authentication Request](http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) - max_age not implemented; it's OPTIONAL in the spec, but if it's present servers MUST include auth_time, which dex does not. - None of the other OPTIONAL parameters are implemented with the exception of: