[Openid-specs-ab] Issue #1026: Self Issued provider returning tokens to an RP App in iOS (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Fri May 11 19:37:42 UTC 2018


New issue 1026: Self Issued provider returning tokens to an RP App in iOS
https://bitbucket.org/openid/connect/issues/1026/self-issued-provider-returning-tokens-to

Nat Sakimura:

Self Issued provider is returning tokens in the authorization response. If the RP is an App, then whether the right RP App is going to be called back or not is kind of iffy when it is relying on a custom scheme. 

We probably should add a note to recommend or even require the use of claimed URI instead of custom scheme.




More information about the Openid-specs-ab mailing list