[Openid-specs-fapi] Issue #317: Part 1 'require the redirect_uri parameter' could have a better wording (openid/fapi)

josephheenan issues-reply at bitbucket.org
Sat Sep 19 11:52:35 UTC 2020


New issue 317: Part 1 'require the redirect_uri parameter' could have a better wording
https://bitbucket.org/openid/fapi/issues/317/part-1-require-the-redirect_uri-parameter

Joseph Heenan:

This text in FAPI-R, [https://bitbucket.org/openid/fapi/annotate/master/Financial\_API\_WD\_001.md?at=master&fileviewer=file-view-default#Financial\_API\_WD\_001.md-159](https://bitbucket.org/openid/fapi/annotate/master/Financial_API_WD_001.md?at=master&fileviewer=file-view-default#Financial_API_WD_001.md-159)

```
shall require the `redirect_uri` parameter in the authorization request;
```

can be read as the AS needing to require the redirect\_uri specifically in a url parameter \(rather than in a request object\), which combines badly with PAR/JAR where you definitely don’t need to require it in a url parameter to the authorization endpoint. I’m pretty sure the intent is just that the redirect uri is explicitly stated somewhere, possibly we should tweak the language if we can find a better wording.




More information about the Openid-specs-fapi mailing list