[Openid-specs-ab] Question to Google about redirect_uri parameter in authorization request

Brian Campbell bcampbell at pingidentity.com
Tue Dec 4 21:28:10 UTC 2012


I'd love to know how that's possible.


On Tue, Dec 4, 2012 at 2:02 PM, Breno de Medeiros <breno at google.com> wrote:

> On Tue, Dec 4, 2012 at 12:45 PM, Brian Campbell
> <bcampbell at pingidentity.com> wrote:
> > On Tue, Dec 4, 2012 at 12:50 PM, Breno de Medeiros <breno at google.com>
> wrote:
> >>
> >> > Putting this requirement into Connect introduces a different kind of
> >> > variation all together. Whether or not the parameter is required
> (under
> >> > the
> >> > particular circumstance of a single registered redirect uri) would
> >> > depend on
> >> > if you are doing plain old OAuth or if you are doing Connect. That
> seems
> >> > even worse IMHO and will certainly be a pain to support.
> >>
> >> I doubt. You can simply supply the redirect_uri to an OAuth2 library.
> >> They need to support it.
> >>
> >
> > I was talking about it being a pain to support as an AS that already does
> > 'standard' OAuth.
>
> No -- compliant AS should require no changes.
>
>
>
> --
> --Breno
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121204/63092989/attachment.html>


More information about the Openid-specs-ab mailing list