[Openid-specs-ab] Inconsistency in redirect_uri definitions

Mike Jones Michael.Jones at microsoft.com
Fri Jun 7 17:33:43 UTC 2013


While working on the spelling and grammar check, I noticed the following in redirect_uri definitions.  While I hate to bring this up while we're trying to finish the Implementer's Drafts, this is potentially a recall-class issue, so I wanted to raise it now, rather than have it come up later.

Messages, Basic, and Implicit say:
redirect_uri
REQUIRED. Redirection URI to which the response will be sent. This MUST be pre-registered with the OpenID Provider.

Standard says:
redirect_uri
REQUIRED. Redirection URI to which the response will be sent. The Scheme, Host, Path, and Query Parameter segments of this URI MUST match one of the redirect_uris registered for the client_id in the OpenID Connect Dynamic Client Registration 1.0<file:///C:\mbj\DSG\OpenID\openid-connect-standard-1_0.html#OpenID.Registration> [OpenID.Registration] specification.

Dynamic Registration says:
redirect_uris
REQUIRED. Array of redirection URIs values used in the Authorization Code and Implicit grant types. One of these registered redirection URI values MUST match the Scheme, Host, and Path segments of the redirect_uri parameter value used in each Authorization Request.

Should Messages, Basic, and Implicit be changed to match Standard?  That's my sense of the situation, but wanted to get others' input before doing so.

                                                            Thanks,
                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130607/2f65ec00/attachment.html>


More information about the Openid-specs-ab mailing list