[Openid-specs-ab] Issue #894: New Core - 2.2.2.7 Redirect URI Fragment Handling (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Sun Nov 3 20:24:52 UTC 2013


New issue 894: New Core - 2.2.2.7 Redirect URI Fragment Handling
https://bitbucket.org/openid/connect/issue/894/new-core-2227-redirect-uri-fragment

Nat Sakimura:

It says: 

When response parameters are returned in the Redirection URI fragment value, the Client MUST provide a way for the User-Agent to parse the fragment encoded response and consume the values. One way to do this is to post it to the Web Server Client for validation.

The entire section is new and is bogus. The Client does not have to post it to the Web Server Client for validation at all. We could provide a developer guidance as an example, but at this point, it is best to delete the unvetted content. 

(This was reported on 31 Oct. in my review but recording it here as well since it is a technical comment.) 




More information about the Openid-specs-ab mailing list