[Openid-specs-ab] Issue #2051: redirect_uri schema (openid/connect)
alen_horvat
issues-reply at bitbucket.org
Wed Aug 30 09:05:31 UTC 2023
New issue 2051: redirect_uri schema
https://bitbucket.org/openid/connect/issues/2051/redirect_uri-schema
Alen Horvat:
Current client_id_schema = redirect_uri relies on prior knowledge about the client_id + TLS (does not apply to other schemas).
TLS certificates contain only host names or they are wildcard certs.
1. Redirect URI will always contain an additional path
2. Redirect URI can be set dynamically or it can change over time (usually configuration is used to declare the endpoint)
3. In multi-tenant systems identity may be expressed in the sub-domain name or in the path of the redirect URI
For the first 2 points, would it make sense to set the client_id as the base URI, where the redirect_uri_path would only contain a path that must be appended to the client_id?
The 3rd point is a bit more tricky when the identity of the RP is expressed in the path or subdomain + wildcard certs are used.
Is it in the interest of the WG to consider the improvements?