[Openid-specs-ab] SIOP Special Topic Call Notes 29-Sep-22
Joseph Heenan
joseph at authlete.com
Thu Sep 29 22:37:51 UTC 2022
Hi all
Apologies as I missed today’s call as I was at the OIX conference, but this bit was a slight surprise to me:
> On 29 Sep 2022, at 18:47, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>
> George said that redirections for .well-known URLs are allowed, such as from aol.com/.well-known/openid-configuration <http://aol.com/.well-known/openid-configuration> to another URL
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse says:
"A successful response MUST use the 200 OK HTTP status code”
To me, this precludes returning a 3xx response (and that is how the conformance suite interprets that clause currently).
If a redirect is allowed, this might be worth clarifying in an errata.
Thanks
Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220929/a2da7c5e/attachment.html>
More information about the Openid-specs-ab
mailing list