[Openid-specs-ab] Question to Google about redirect_uri parameter in authorization request

Brian Campbell bcampbell at pingidentity.com
Tue Dec 4 17:17:47 UTC 2012

Hey Breno and/or Naveen,

Would you guys be OK with relaxing the Connect specs to allow the
redirect_uri parameter to be omitted from an authorization request when
only one redirect_uri is registered for the given client?

The reason I'm asking it that the Connect specs are more strict about the
redirect_uri parameter than the base OAuth spec and I'd submitted at ticket
[1] requesting that Connect align with the RFC that it extends from. The
Connect editors have said the added constraint on the parameter was placed
there because it's how the the Google implementation worked and asked me to
follow up with you guys [2] to understand why you were requiring it and if
it is OK to relax that requirement in the Connect specs.

Can you shed some light on that decision and/or just give the to make the
change at the spec level?

Thanks in advance,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121204/59ad9c92/attachment.html>

More information about the Openid-specs-ab mailing list