[Openid-specs-ab] Issue #999: Core - 3.1.2.6 para 3: Clarification proposal (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Thu Aug 18 14:48:07 UTC 2016


New issue 999: Core - 3.1.2.6 para 3: Clarification proposal
https://bitbucket.org/openid/connect/issues/999/core-3126-para-3-clarification-proposal

Nat Sakimura:

Paragraph 3 states: 

    Unless the Redirection URI is invalid, the Authorization Server returns the Client to 
    the Redirection URI specified in the Authorization Request with the appropriate 
    error and state parameters. Other parameters SHOULD NOT be returned.

It is ambiguous as to what is to be done if the Redirection URI is invalid.

Propose adding: 

    If Redirection URI is invalid, the Authorization Server MUST NOT 
    return the Client to the Redirection URI provided in the Authorization Request. 

Responsible: mbj
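
An added example, not part of the original message or of any OpenID Foundation code: one way an Authorization Server could apply both the existing paragraph and the proposed sentence. The client registry, function names, and the exact-string-match validity rule are assumptions, and the error is returned in the query string as for the Authorization Code Flow.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed client registry (hypothetical client_id and redirect URIs).
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://client.example.org/cb"},
}


def redirect_uri_is_valid(client_id, redirect_uri):
    """Assumed rule: valid only on exact string match with a registered URI."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    return redirect_uri is not None and redirect_uri in registered


def authorization_error_response(client_id, redirect_uri, error, state=None):
    """Return (status, location, body) for an Authentication Error Response."""
    if not redirect_uri_is_valid(client_id, redirect_uri):
        # Proposed sentence: MUST NOT return the Client to the supplied URI.
        # The error is shown on the Authorization Server's own page, and the
        # untrusted URI is not echoed back as a link.
        return 400, None, "Invalid authorization request: redirect_uri is not registered."

    # Existing paragraph: return error and state; no other parameters.
    params = [("error", error)]
    if state is not None:
        params.append(("state", state))

    # Preserve any query component the registered URI already carries.
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    location = urlunsplit(parts._replace(query=urlencode(query)))
    return 302, location, ""
```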

