[Openid-specs-ab] Native apps redirect_uri scheme
Roland Hedberg
roland at catalogix.se
Tue Mar 21 16:59:59 UTC 2017
Hi!
There is a thing we probably have to issue an errata for in the OIDC client registration document.
This is the case:
— In http://openid.net/specs/openid-connect-registration-1_0.html it says in the text about
application_type:
"Native Clients MUST only register redirect_uris using custom URI schemes or URLs using the http: scheme with localhost as the hostname."
Now this conflicts with what is said in https://tools.ietf.org/id/draft-ietf-oauth-native-apps-09.html
where in section 7 it lists these redirect URI options:
7.1 Custom URI
7.2 HTTPS
7.3 loopback aka HTTP://127.0.0.1
Furthermore in 8.6 it says about the use of loopback URI:
"While redirect URIs using localhost (i.e. http://localhost:{port}/) function similarly to loopback IP redirects described in Section 7.3, the use of localhost is NOT RECOMMENDED."
-- Roland
"Education is the path from cocky ignorance to miserable uncertainty." - Mark Twain
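
The following is an added example, not part of the message above and not code from either specification. It classifies a native client's redirect_uri and shows how the two quoted texts would treat it; the rule tables are a literal reading of the quoted sentences, and the sample URIs, function names and category labels are constructed for illustration.

```python
from urllib.parse import urlsplit

# Literal reading of the OpenID Connect Registration sentence quoted above.
OIDC_REGISTRATION = {"custom-scheme": "allowed", "http-localhost": "allowed"}

# Sections 7.1-7.3 and 8.6 of draft-ietf-oauth-native-apps-09 as quoted above.
NATIVE_APPS_DRAFT = {
    "custom-scheme": "allowed",            # 7.1
    "https": "allowed",                    # 7.2
    "http-loopback-ip": "allowed",         # 7.3
    "http-localhost": "not recommended",   # 8.6
}

def classify(uri):
    """Return the redirect URI category (labels are this example's own)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme == "https":
        return "https"
    if scheme == "http":
        if host == "localhost":
            return "http-localhost"
        if host == "127.0.0.1":  # only the loopback literal named in the message
            return "http-loopback-ip"
        return "http-other"
    return "custom-scheme" if scheme else "invalid"

def compare(uri):
    """Return (category, OIDC registration verdict, native-apps draft verdict)."""
    kind = classify(uri)
    return (kind,
            OIDC_REGISTRATION.get(kind, "rejected"),
            NATIVE_APPS_DRAFT.get(kind, "not listed"))

def conflicts(uris):
    """URIs that exactly one of the two documents plainly allows."""
    return [u for u in uris
            if (compare(u)[1] == "allowed") != (compare(u)[2] == "allowed")]

# Constructed sample redirect URIs.
SAMPLES = ["com.example.app:/oauth2redirect", "https://app.example.com/cb",
           "http://127.0.0.1:49152/cb", "http://localhost:49152/cb",
           "http://192.0.2.10/cb"]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, compare(uri))
```
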