[Openid-specs-ab] Question to Google about redirect_uri parameter in authorization request

Breno de Medeiros breno at google.com
Tue Dec 4 21:02:50 UTC 2012


On Tue, Dec 4, 2012 at 12:45 PM, Brian Campbell
<bcampbell at pingidentity.com> wrote:
> On Tue, Dec 4, 2012 at 12:50 PM, Breno de Medeiros <breno at google.com> wrote:
>>
>> > Putting this requirement into Connect introduces a different kind of
>> > variation all together. Whether or not the parameter is required (under
>> > the
>> > particular circumstance of a single registered redirect uri) would
>> > depend on
>> > if you are doing plain old OAuth or if you are doing Connect. That seems
>> > even worse IMHO and will certainly be a pain to support.
>>
>> I doubt. You can simply supply the redirect_uri to an OAuth2 library.
>> They need to support it.
>>
>
> I was talking about it being a pain to support as an AS that already does
> 'standard' OAuth.

No -- compliant AS should require no changes.



-- 
--Breno


More information about the Openid-specs-ab mailing list