[Openid-specs-ab] Issue #894: New Core - 126.96.36.199 Redirect URI Fragment Handling (openid/connect)
issues-reply at bitbucket.org
Sun Nov 3 20:24:52 UTC 2013
New issue 894: New Core - 188.8.131.52 Redirect URI Fragment Handling
When response parameters are returned in the Redirection URI fragment value, the Client MUST provide a way for the User-Agent to parse the fragment encoded response and consume the values. One way to do this is to post it to the Web Server Client for validation.
The entire section is new and is bogus. The Client does not have to post it to the Web Server Client for validation at all. We could provide a developer guidance as an example, but at this point, it is best to delete the unvetted content.
(This was reported on 31 Oct. in my review but recording it here as well since it is a technical comment.)
More information about the Openid-specs-ab