[Openid-specs-mobile-profile] Issue #84: CIBA: Redirects and the Client Notification Endpoint (openid/mobile)
Dave Tonge
issues-reply at bitbucket.org
Tue Sep 11 08:17:36 UTC 2018
New issue 84: CIBA: Redirects and the Client Notification Endpoint
https://bitbucket.org/openid/mobile/issues/84/ciba-redirects-and-the-client-notification
Dave Tonge:
I just want to check the reasoning for the current wording:
```
The Client SHOULD NOT return an HTTP 3xx code.
The OP SHOULD NOT follow redirects.
All redirects MUST be HTTPS.
```
I think this is saying:
- Client shouldn't have any redirects on their notification endpoint
- OPs shouldn't follow redirects if the client ignores this
- Even if there are redirects, they must be HTTPS
Is my understanding correct and is the WG happy with this approach?
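An added example, not part of the original message or of the CIBA specification: one way an OP could apply the quoted wording when it delivers a notification, using only Python's standard library. The names `NoRedirect`, `assess_redirect` and `notify_client`, the result fields and the JSON payload are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse every redirect: "The OP SHOULD NOT follow redirects"."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx response


def assess_redirect(endpoint, status, location):
    """Classify a 3xx from the notification endpoint without following it."""
    # Resolve a relative Location against the endpoint before checking it.
    target = urllib.parse.urljoin(endpoint, location or "")
    https = urllib.parse.urlsplit(target).scheme == "https"
    return {
        "outcome": "redirect_not_followed",
        "status": status,
        "target": target,
        # "All redirects MUST be HTTPS": flag a violation for the operator.
        "violates_https_must": not https,
    }


def notify_client(endpoint, payload, timeout=5):
    """POST one notification; a 3xx answer is reported, never followed."""
    req = urllib.request.Request(
        endpoint,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return {"outcome": "delivered", "status": resp.status}
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            # "The Client SHOULD NOT return an HTTP 3xx code": record it.
            return assess_redirect(endpoint, err.code, err.headers.get("Location"))
        return {"outcome": "failed", "status": err.code}
```

Connection-level errors (`urllib.error.URLError`) are left to propagate so the caller can decide whether to retry.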