[Openid-specs-ab] Question to Google about redirect_uri parameter in authorization request
bcampbell at pingidentity.com
Tue Dec 4 17:17:47 UTC 2012
Hey Breno and/or Naveen,
Would you guys be OK with relaxing the Connect specs to allow the
redirect_uri parameter to be omitted from an authorization request when
only one redirect_uri is registered for the given client?
The reason I'm asking it that the Connect specs are more strict about the
redirect_uri parameter than the base OAuth spec and I'd submitted at ticket
 requesting that Connect align with the RFC that it extends from. The
Connect editors have said the added constraint on the parameter was placed
there because it's how the the Google implementation worked and asked me to
follow up with you guys  to understand why you were requiring it and if
it is OK to relax that requirement in the Connect specs.
Can you shed some light on that decision and/or just give the to make the
change at the spec level?
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab