[Openid-specs-ab] Issue #894: New Core - 22.214.171.124 Redirect URI Fragment Handling (openid/connect)
Breno de Medeiros
breno at google.com
Sun Nov 3 21:28:39 UTC 2013
On Nov 3, 2013 12:24 PM, "Nat Sakimura" <issues-reply at bitbucket.org> wrote:
> New issue 894: New Core - 126.96.36.199 Redirect URI Fragment Handling
> Nat Sakimura:
> It says:
> When response parameters are returned in the Redirection URI fragment
> value, the Client MUST provide a way for the User-Agent to parse the
> fragment encoded response and consume the values. One way to do this is to
> post it to the Web Server Client for validation.
> The entire section is new and is bogus. The Client does not have to post
> it to the Web Server Client for validation at all. We could provide a
> developer guidance as an example, but at this point, it is best to delete
> the unvetted content.
> (This was reported on 31 Oct. in my review but recording it here as well
> since it is a technical comment.)
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab