[Openid-specs-ab] Additional issues with redirect

Nat Sakimura sakimura at gmail.com
Tue May 22 17:58:55 UTC 2012


Just to clarify.

The value of the state parameter changes each time so it cannot be
registered to be exact match of course.

So what is the concrete matching rule?

Match the scheme, host, port and query parameter names?

=nat via iPhone

On 2012/05/19, at 14:34, Breno de Medeiros <breno at google.com> wrote:

> Google authz server requires exact match and allows no query
> parameters. The OAuth2 protocol was designed to support this by adding
> a pre-defined state parameter.


More information about the Openid-specs-ab mailing list