[Openid-specs-ab] Native apps redirect_uri scheme

Roland Hedberg roland at catalogix.se
Tue Mar 21 16:59:59 UTC 2017


Hi!

There is a thing we probably have to issue an errata for in the OIDC client registration document.

This is the case:

— In http://openid.net/specs/openid-connect-registration-1_0.html it says in the text about
application_type:

"Native Clients MUST only register redirect_uris using custom URI schemes or URLs using the http: scheme with localhost as the hostname."

Now this conflicts with what is said in https://tools.ietf.org/id/draft-ietf-oauth-native-apps-09.html
where in section 7 it lists these redirect URI options:
7.1 Custom URI
7.2 HTTPS
7.3 loopback aka HTTP://127.0.0.1 

Furthermore in 8.6 it says about the use of loopback URI:
"While redirect URIs using localhost (i.e. http://localhost:{port}/) function similarly to loopback IP redirects described in Section 7.3, the use of localhost is NOT RECOMMENDED."

-- Roland
"Education is the path from cocky ignorance to miserable uncertainty." - Mark Twain
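The mismatch described in this message, as an added example that is not part of the original post or of either specification: a checker that applies a literal reading of the quoted registration sentence and the draft's section 7 / 8.6 options to the same redirect URIs and reports where they disagree. The function names and the sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

def classify(uri):
    """Sort a redirect URI into the categories named in the two quoted texts."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme == "https":
        return "https"
    if scheme == "http":
        if host == "localhost":
            return "http-localhost"
        if host == "127.0.0.1":
            return "http-loopback-ip"
        return "http-other"
    return "custom-scheme" if scheme else "invalid"

def oidc_registration_allows(uri):
    # Literal reading of the quoted sentence: custom URI schemes, or
    # http: with localhost as the hostname. Nothing else.
    return classify(uri) in {"custom-scheme", "http-localhost"}

def native_apps_draft_verdict(uri):
    # Options listed in the message: 7.1 custom URI, 7.2 HTTPS,
    # 7.3 loopback IP; 8.6 marks localhost as NOT RECOMMENDED.
    kind = classify(uri)
    if kind in {"custom-scheme", "https", "http-loopback-ip"}:
        return "listed"
    if kind == "http-localhost":
        return "not-recommended"
    return "not-listed"

def conflicts(uris):
    """Return (uri, oidc_allows, draft_verdict) where the two texts disagree."""
    out = []
    for uri in uris:
        allowed = oidc_registration_allows(uri)
        verdict = native_apps_draft_verdict(uri)
        if allowed != (verdict == "listed"):
            out.append((uri, allowed, verdict))
    return out

# Constructed sample redirect URIs, one per category.
SAMPLES = [
    "com.example.app:/oauth2redirect",
    "https://app.example.com/cb",
    "http://127.0.0.1:8080/cb",
    "http://localhost:8080/cb",
]

if __name__ == "__main__":
    for uri, allowed, verdict in conflicts(SAMPLES):
        print(f"{uri}: registration allows={allowed}, native-apps draft={verdict}")
```

Only the custom-scheme URI gets the same answer from both texts; the HTTPS, loopback IP and localhost forms each land on opposite sides.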




