[Openid-specs-ab] Issue #894: New Core - 2.2.2.7 Redirect URI Fragment Handling (openid/connect)

Breno de Medeiros breno at google.com
Sun Nov 3 21:28:39 UTC 2013


+1
On Nov 3, 2013 12:24 PM, "Nat Sakimura" <issues-reply at bitbucket.org> wrote:

> New issue 894: New Core - 2.2.2.7 Redirect URI Fragment Handling
>
> https://bitbucket.org/openid/connect/issue/894/new-core-2227-redirect-uri-fragment
>
> Nat Sakimura:
>
> It says:
>
> When response parameters are returned in the Redirection URI fragment
> value, the Client MUST provide a way for the User-Agent to parse the
> fragment encoded response and consume the values. One way to do this is to
> post it to the Web Server Client for validation.
>
> The entire section is new and is bogus. The Client does not have to post
> it to the Web Server Client for validation at all. We could provide a
> developer guidance as an example, but at this point, it is best to delete
> the unvetted content.
>
> (This was reported on 31 Oct. in my review but recording it here as well
> since it is a technical comment.)
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131103/6bcff64a/attachment.html>


More information about the Openid-specs-ab mailing list