[Openid-specs-mobile-profile] Issue #84: CIBA: Redirects and the Client Notification Endpoint (openid/mobile)
issues-reply at bitbucket.org
Tue Sep 11 08:17:36 UTC 2018
New issue 84: CIBA: Redirects and the Client Notification Endpoint
I just want to check the reasoning for the current wording:
The Client SHOULD NOT return an HTTP 3xx code.
The OP SHOULD NOT follow redirects.
All redirects MUST be HTTPS.
I think this is saying:
- Client shouldn't have any redirects on their notification endpoint
- OPs shouldn't follow redirects if the client ignores this
- Even if there are redirects, they must be HTTPS
Is my understanding correct and is the WG happy with this approach?
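
An added example, not part of the original message or the CIBA draft: one way an OP could apply the three quoted rules when delivering to a client notification endpoint. The function names, the `FOLLOW_REDIRECTS` setting and the action strings are assumptions made for illustration.

```python
import http.client
import json
from urllib.parse import urljoin, urlsplit

FOLLOW_REDIRECTS = False  # assumed OP setting: "The OP SHOULD NOT follow redirects"

def redirect_decision(endpoint, status, location, follow=False):
    """Map one notification response to (action, next_url)."""
    if 200 <= status < 300:
        return ("delivered", None)
    if not 300 <= status < 400:
        return ("failed", None)
    if not follow or not location:
        return ("redirect_not_followed", None)  # worth logging: Client SHOULD NOT return 3xx
    target = urljoin(endpoint, location)        # resolve a relative Location header
    if urlsplit(target).scheme != "https":      # "All redirects MUST be HTTPS"
        return ("redirect_rejected_not_https", None)
    return ("follow", target)

def send_notification(endpoint, body, headers, max_hops=1):
    """POST the notification. http.client never follows redirects on its own,
    so every hop has to pass through redirect_decision()."""
    for _ in range(max_hops + 1):
        url = urlsplit(endpoint)
        if url.scheme != "https":
            return "endpoint_not_https"
        conn = http.client.HTTPSConnection(url.hostname, url.port, timeout=5)
        try:
            path = (url.path or "/") + ("?" + url.query if url.query else "")
            # Following a redirect resends these headers to the new target.
            conn.request("POST", path, body=json.dumps(body),
                         headers={"Content-Type": "application/json", **headers})
            resp = conn.getresponse()
            action, target = redirect_decision(
                endpoint, resp.status, resp.getheader("Location"),
                follow=FOLLOW_REDIRECTS)
        finally:
            conn.close()
        if action != "follow":
            return action
        endpoint = target
    return "too_many_redirects"
```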