[Openid-specs-fapi] Issue #317: Part 1 'require the redirect_uri parameter' could have a better wording (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Sat Sep 19 11:52:35 UTC 2020
New issue 317: Part 1 'require the redirect_uri parameter' could have a better wording
https://bitbucket.org/openid/fapi/issues/317/part-1-require-the-redirect_uri-parameter
Joseph Heenan:
This text in FAPI-R, [https://bitbucket.org/openid/fapi/annotate/master/Financial\_API\_WD\_001.md?at=master&fileviewer=file-view-default#Financial\_API\_WD\_001.md-159](https://bitbucket.org/openid/fapi/annotate/master/Financial_API_WD_001.md?at=master&fileviewer=file-view-default#Financial_API_WD_001.md-159)
```
shall require the `redirect_uri` parameter in the authorization request;
```
can be read as the AS needing to require the redirect\_uri specifically in a url parameter \(rather than in a request object\), which combines badly with PAR/JAR where you definitely don’t need to require it in a url parameter to the authorization endpoint. I’m pretty sure the intent is just that the redirect uri is explicitly stated somewhere, possibly we should tweak the language if we can find a better wording.
More information about the Openid-specs-fapi
mailing list