[Openid-specs-ab] Certification question: 'OP-redirect_uri-Missing' only in Dynamic?

Mike Jones Michael.Jones at microsoft.com
Wed Sep 12 20:39:10 UTC 2018

It’s in Dynamic because it’s straightforward to test when dynamic client registration is supported.  When it is, the test tool can register multiple redirect_uri values.  When dynamic client registration isn’t supported, the client typically only has a single redirect_uri value.

Yes, it’s relevant all the time, but testing it isn’t really practical otherwise.

                                                       -- Mike

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Nat Sakimura via Openid-specs-ab
Sent: Thursday, August 30, 2018 11:51 PM
To: openid-specs-ab at lists.openid.net Ab <openid-specs-ab at lists.openid.net>
Cc: Nat Sakimura <sakimura at gmail.com>
Subject: [Openid-specs-ab] Certification question: 'OP-redirect_uri-Missing' only in Dynamic?


I just started to look at the conformance profile 3.0 [1].

[1] http://openid.net/wordpress-content/uploads/2018/06/OpenID-Connect-Conformance-Profiles.pdf

There is a test 'OP-redirect_uri-Missing' which tests whether the OP Reject request without redirect_uri when multiple registered. It is only required in the Dynamic profile and not in Basic etc. Is there any particular reason for this? I think this test is also relevant to Basic etc.

Best regards,

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180912/a502315d/attachment.html>

More information about the Openid-specs-ab mailing list