[Openid-specs-ab] Issue #1169: s/URL/URI/g in Core: 6.2.1 (openid/connect)

Nat issues-reply at bitbucket.org
Thu Jun 4 11:26:52 UTC 2020

New issue 1169: s/URL/URI/g in Core: 6.2.1

Nat Sakimura:

While we intended that request\_uri is an URI as the name suggest, the text still uses “URL”. It actually is kind of ok as it needs to be dereferenceable by the AS, but that does not mean that it needs to be HTTPS reachable. However,  in the past, I have seen a lot of people interpreting URL as https://… 

To mitigate the misunderstanding, I suggest changing URL to URI. While it will broaden the meaning, it should be fine as it is constrained within the text of 6.2 as  

The `request_uri` value MUST be reachable by the Authorization Server,

More information about the Openid-specs-ab mailing list