[Openid-specs-ab] Issue #999: Core - 3.1.2.6 para 3: Clarification proposal (openid/connect)
Nat Sakimura
issues-reply at bitbucket.org
Thu Aug 18 14:48:07 UTC 2016
New issue 999: Core - 3.1.2.6 para 3: Clarification proposal
https://bitbucket.org/openid/connect/issues/999/core-3126-para-3-clarification-proposal
Nat Sakimura:
Paragraph 3 states:

    Unless the Redirection URI is invalid, the Authorization Server returns the Client to
    the Redirection URI specified in the Authorization Request with the appropriate
    error and state parameters. Other parameters SHOULD NOT be returned.

It is ambiguous as to what is to be done if the Redirection URI is invalid.

Propose adding:

    If Redirection URI is invalid, the Authorization Server MUST NOT
    return the Client to the Redirection URI provided in the Authorization Request.
Responsible: mbj
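
Added example, not part of the original issue or of the specification text: a sketch of how an Authorization Server's error path could apply the existing paragraph together with the proposed sentence. The client registry, the function names, the exact-string-match definition of a valid Redirection URI, and the query-string encoding of the error response are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Constructed client registry (hypothetical client_id and Redirection URI).
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://rp.example.com/cb"},
}


def redirect_uri_is_valid(client_id, redirect_uri):
    """Assumed validity rule: exact string match against pre-registered URIs."""
    if not redirect_uri:
        return False
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


def authorization_error_response(client_id, redirect_uri, error, state=None):
    """Decide how an authentication error is delivered.

    Returns ("redirect", url) when the Redirection URI is valid, otherwise
    ("local_error", message), meaning the error is shown by the Authorization
    Server itself and the Client is not returned to the supplied URI.
    """
    if not redirect_uri_is_valid(client_id, redirect_uri):
        # Proposed sentence: MUST NOT return the Client to the supplied URI.
        # The unvalidated URI is deliberately not echoed in the message.
        return ("local_error", "invalid redirect_uri; request not redirected")

    # Existing paragraph: only error and state are returned.
    params = [("error", error)]
    if state is not None:
        params.append(("state", state))

    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    return ("redirect", urlunsplit(parts._replace(query=urlencode(query))))
```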