[Openid-specs-ab] [openid/connect] Standard: redirect_uri registration & matching (issue #593)

Amanda_Anganes issues-reply at bitbucket.org
Mon May 21 20:19:14 UTC 2012

New issue 593: Standard: redirect_uri registration & matching


There is some confusion around the requirements for redirect_uri registration and matching from sections 2.3.1 and 3.1.1 in OpenID Connect Standard. 

2.3.1, Authorization Request: “Scheme, Host, and Path segments of this URI MUST match one of the redirect_uris registered for the client_id in the OpenID Connect Dynamic Client Registration 1.0 [OpenID.Registration] specification.”
3.1.1, Token Request: “The Authorization Server MUST: … Ensure that the redirect_uri parameter is present if the redirect_uri parameter was included in the initial Authorization Request and that their values are identical.”

Does “identical” in 3.1.1 mean the two strings must be exactly the same, or does it refer to the scheme, host, and path matching indicated in 2.3.1?

See working group threads at http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20120521/001939.html and http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20120514/001922.html.

Also see issue #591.


This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.
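
The two readings the issue asks about, side by side, as an added example that is not part of the original message or of the OpenID Connect text. The function names, the sample URIs and the choice to treat the port as part of the host are assumptions.

```python
from urllib.parse import urlsplit


def components(uri):
    """Scheme, host and path, the segments named in section 2.3.1.

    Assumption: the port is treated as part of the host. urlsplit already
    lowercases the scheme and hostname; the path is compared as given.
    """
    p = urlsplit(uri)
    return (p.scheme, p.hostname, p.port, p.path)


def matches_registered(request_uri, registered_uris):
    """2.3.1 reading: scheme, host and path match a registered redirect_uri."""
    want = components(request_uri)
    return any(components(r) == want for r in registered_uris)


def token_check_exact(authz_uri, token_uri):
    """3.1.1, strict reading: "identical" means the same string."""
    return authz_uri == token_uri


def token_check_components(authz_uri, token_uri):
    """3.1.1, loose reading: the same segment comparison as 2.3.1."""
    return components(authz_uri) == components(token_uri)


def compare_readings(registered, authz_uri, token_uri):
    """Show which checks pass for one authorization/token request pair."""
    return {
        "authz_accepted": matches_registered(authz_uri, registered),
        "token_exact": token_check_exact(authz_uri, token_uri),
        "token_components": token_check_components(authz_uri, token_uri),
    }


# Constructed sample values: the two requests differ only in the query string.
REGISTERED = ["https://client.example.org/cb"]
AUTHZ = "https://client.example.org/cb?hint=a"
TOKEN = "https://client.example.org/cb?hint=b"

if __name__ == "__main__":
    print(compare_readings(REGISTERED, AUTHZ, TOKEN))
```

With these inputs the authorization request passes the 2.3.1 check, and the token request passes only under the loose reading of "identical", which is the case where the two interpretations diverge.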