[Openid-specs-ab] Question to Google about redirect_uri parameter in authorization request

Breno de Medeiros breno at google.com
Tue Dec 4 17:52:11 UTC 2012


-1

In my experience, every variation is harmful for interop, and is
expensive for developers to learn about.

All OAuth2-compliant providers need to accept a redirect_uri is specified.

On Tue, Dec 4, 2012 at 9:30 AM, Brian Campbell
<bcampbell at pingidentity.com> wrote:
> Sorry for the re-post - I wanted to send this with Breno and Naveen directly
> in the distribution list to increase the likelihood that they'd actually see
> it (but forgot the first time).
>
>
> ---------- Forwarded message ----------
> From: Brian Campbell <bcampbell at pingidentity.com>
> Date: Tue, Dec 4, 2012 at 10:17 AM
> Subject: Question to Google about redirect_uri parameter in authorization
> request
> To: "<openid-specs-ab at lists.openid.net>" <openid-specs-ab at lists.openid.net>
>
>
> Hey Breno and/or Naveen,
>
> Would you guys be OK with relaxing the Connect specs to allow the
> redirect_uri parameter to be omitted from an authorization request when only
> one redirect_uri is registered for the given client?
>
> The reason I'm asking it that the Connect specs are more strict about the
> redirect_uri parameter than the base OAuth spec and I'd submitted at ticket
> [1] requesting that Connect align with the RFC that it extends from. The
> Connect editors have said the added constraint on the parameter was placed
> there because it's how the the Google implementation worked and asked me to
> follow up with you guys [2] to understand why you were requiring it and if
> it is OK to relax that requirement in the Connect specs.
>
> Can you shed some light on that decision and/or just give the to make the
> change at the spec level?
>
> Thanks in advance,
> Brian
>
>
> [1]
> https://bitbucket.org/openid/connect/issue/669/inconsistent-treatment-of-redirect_uri
>
> [2]
> http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20121203/002612.html
>



-- 
--Breno


More information about the Openid-specs-ab mailing list