[Openid-specs-ab] Native apps redirect_uri scheme

Roland Hedberg roland at catalogix.se
Tue Mar 21 16:59:59 UTC 2017


There is a thing we probably have to issue an errata for in the OIDC client registration document.

This is the case:

— In http://openid.net/specs/openid-connect-registration-1_0.html it says in the text about

"Native Clients MUST only register redirect_uris using custom URI schemes or URLs using the http: scheme with localhost as the hostname."

Now this conflicts with what is said in https://tools.ietf.org/id/draft-ietf-oauth-native-apps-09.html
where in section 7 it lists these redirect URI options:
7.1 Custom URI
7.3 loopback aka HTTP:// 

Furthermore in 8.6 it says about the use of loopback URI:
"While redirect URIs using localhost (i.e. http://localhost:{port}/) function similarly to loopback IP redirects described in Section 7.3, the use of localhost is NOT RECOMMENDED."

-- Roland
"Education is the path from cocky ignorance to miserable uncertainty." - Mark Twain
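
An added example, not part of the original post: a small Python check that classifies a native client's redirect_uri and compares the Registration rule quoted above, read literally, with the options the post cites from the native-apps draft. The function names and sample URIs are constructed for illustration, and treating 127.0.0.1 and [::1] as the loopback IP forms is an assumption about section 7.3.

```python
import ipaddress
from urllib.parse import urlsplit

def classify(redirect_uri):
    """Return 'custom-scheme', 'loopback-ip', 'localhost' or 'other'."""
    parts = urlsplit(redirect_uri)
    scheme = parts.scheme.lower()
    if not scheme:
        return "other"
    if scheme not in ("http", "https"):
        return "custom-scheme"
    host = parts.hostname or ""          # urlsplit lowercases and strips [] from IPv6
    if scheme == "http":
        if host == "localhost":
            return "localhost"
        try:
            if ipaddress.ip_address(host).is_loopback:
                return "loopback-ip"
        except ValueError:
            pass                         # not an IP literal
    return "other"

def oidc_registration_allows(kind):
    # Literal reading of the quoted rule: custom scheme, or http with
    # "localhost as the hostname" (an IP literal is not that hostname).
    return kind in ("custom-scheme", "localhost")

def native_apps_draft_verdict(kind):
    # Only the options named in the post; anything else is reported as
    # "not-listed" rather than judged.
    return {"custom-scheme": "ok",
            "loopback-ip": "ok",
            "localhost": "not-recommended"}.get(kind, "not-listed")

def compare(redirect_uri):
    kind = classify(redirect_uri)
    return kind, oidc_registration_allows(kind), native_apps_draft_verdict(kind)

# Constructed sample URIs
SAMPLES = [
    "com.example.app:/oauth2redirect",
    "http://localhost:51004/cb",
    "http://127.0.0.1:51004/cb",
    "http://[::1]:51004/cb",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, compare(uri))
```

The loopback IP forms come out as accepted by the draft but not by the literal Registration wording, while the localhost form is registrable but NOT RECOMMENDED.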
