[Openid-specs-ab] Certification question: 'OP-redirect_uri-Missing' only in Dynamic?
Michael.Jones at microsoft.com
Wed Sep 12 20:39:10 UTC 2018
It’s in Dynamic because it’s straightforward to test when dynamic client registration is supported. When it is, the test tool can register multiple redirect_uri values. When dynamic client registration isn’t supported, the client typically only has a single redirect_uri value.
Yes, it’s relevant all the time, but testing it isn’t really practical otherwise.
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Nat Sakimura via Openid-specs-ab
Sent: Thursday, August 30, 2018 11:51 PM
To: openid-specs-ab at lists.openid.net Ab <openid-specs-ab at lists.openid.net>
Cc: Nat Sakimura <sakimura at gmail.com>
Subject: [Openid-specs-ab] Certification question: 'OP-redirect_uri-Missing' only in Dynamic?
I just started to look at the conformance profile 3.0 .
There is a test 'OP-redirect_uri-Missing' which tests whether the OP Reject request without redirect_uri when multiple registered. It is only required in the Dynamic profile and not in Basic etc. Is there any particular reason for this? I think this test is also relevant to Basic etc.
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab