[Openid-specs-ab] Inconsistency in redirect_uri definitions

John Bradley ve7jtb at ve7jtb.com
Fri Jun 7 18:39:04 UTC 2013


I think port is part of the authority segment,  though people think of it as hostname RFC3986 refers to it as authority.   Authority includes userinfo, hostname and port parts.

My other message recommends against trying to get people to do normalization.

On 2013-06-07, at 8:15 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:

> Also in the lists of URI components, I believe that “Port” should follow “Host”.
>  
>                                                             -- Mike
>  
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
> Sent: Friday, June 07, 2013 10:58 AM
> To: Tim Bray
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Inconsistency in redirect_uri definitions
>  
> Yes – changing the Messages, Basic, and Implicit specs to match what the Standard spec says.
>  
> From: Tim Bray [mailto:tbray at textuality.com] 
> Sent: Friday, June 07, 2013 10:45 AM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Inconsistency in redirect_uri definitions
>  
> When you say “match Standard” you mean referring to the enumeration of scheme/host/path/query, I assume.  As opposed to the reference to dynamic client registration?  BTW RFC3986 section 6.2 (http://tools.ietf.org/html/rfc3986#section-6.2) has useful material on URI comparison. You could simply refer to 6.2.1 and omit the enumeration.
>  
> 
> On Fri, Jun 7, 2013 at 10:33 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> While working on the spelling and grammar check, I noticed the following in redirect_uri definitions.  While I hate to bring this up while we’re trying to finish the Implementer’s Drafts, this is potentially a recall-class issue, so I wanted to raise it now, rather than have it come up later.
>  
> Messages, Basic, and Implicit say:
> redirect_uri
> REQUIRED. Redirection URI to which the response will be sent. This MUST be pre-registered with the OpenID Provider.
>  
> Standard says:
> redirect_uri
> REQUIRED. Redirection URI to which the response will be sent. The Scheme, Host, Path, and Query Parameter segments of this URI MUST match one of the redirect_uris registered for the client_id in the OpenID Connect Dynamic Client Registration 1.0 [OpenID.Registration] specification.
>  
> Dynamic Registration says:
> redirect_uris
> REQUIRED. Array of redirection URIs values used in the Authorization Code and Implicit grant types. One of these registered redirection URI values MUST match the Scheme, Host, and Path segments of the redirect_uri parameter value used in each Authorization Request.
>  
> Should Messages, Basic, and Implicit be changed to match Standard?  That’s my sense of the situation, but wanted to get others’ input before doing so.
>  
>                                                             Thanks,
>                                                             -- Mike
>  
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 
>  
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130607/c5567345/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4507 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130607/c5567345/attachment-0001.p7s>


More information about the Openid-specs-ab mailing list