[Openid-specs-ab] Inconsistency in redirect_uri definitions

Tim Bray tbray at textuality.com
Fri Jun 7 17:45:24 UTC 2013


When you say “match Standard” you mean referring to the enumeration of
scheme/host/path/query, I assume.  As opposed to the reference to dynamic
client registration?  BTW RFC3986 section 6.2 (
http://tools.ietf.org/html/rfc3986#section-6.2) has useful material on URI
comparison. You could simply refer to 6.2.1 and omit the enumeration.


On Fri, Jun 7, 2013 at 10:33 AM, Mike Jones <Michael.Jones at microsoft.com>wrote:

>  While working on the spelling and grammar check, I noticed the following
> in redirect_uri definitions.  While I hate to bring this up while we’re
> trying to finish the Implementer’s Drafts, this is potentially a
> recall-class issue, so I wanted to raise it now, rather than have it come
> up later.****
>
> ** **
>
> Messages, Basic, and Implicit say:****
>
> redirect_uri****
>
> REQUIRED. Redirection URI to which the response will be sent. This MUST be
> pre-registered with the OpenID Provider. ****
>
> ** **
>
> Standard says:****
>
> redirect_uri****
>
> REQUIRED. Redirection URI to which the response will be sent. The Scheme,
> Host, Path, and Query Parameter segments of this URI MUST match one of the
> redirect_uris registered for the client_id in the OpenID Connect Dynamic
> Client Registration 1.0 [OpenID.Registration] specification. ****
>
> ** **
>
> Dynamic Registration says:****
>
> redirect_uris****
>
> REQUIRED. Array of redirection URIs values used in the Authorization Code
> and Implicit grant types. One of these registered redirection URI values
> MUST match the Scheme, Host, and Path segments of the redirect_uriparameter value used in each Authorization Request.
> ****
>
> ** **
>
> Should Messages, Basic, and Implicit be changed to match Standard?  That’s
> my sense of the situation, but wanted to get others’ input before doing so.
> ****
>
> ** **
>
>                                                             Thanks,****
>
>                                                             -- Mike****
>
> ** **
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130607/4b95f553/attachment-0001.html>


More information about the Openid-specs-ab mailing list