<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Claimed https is only supported on iOS and Android as far as I know. So custom schemes is one of the solutions for native apps on WinPhone, Windows, macOS, linux desktops, tizen, etc.<div class=""><br class=""></div><div class="">That said, if any of the feedback about custom schemes is from iOS/Android people it’d be interesting to know why.</div><div class=""><br class=""></div><div class="">Cheers,</div><div class=""><br class=""></div><div class="">Joseph</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 15 Nov 2018, at 08:33, Filip Skokan via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">Which they can do with claimed https uris, but still, i've gotten that feedback from implementers where they expected a custom scheme uri to be allowed.</div><br clear="all" class=""><div class=""><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">S pozdravem,<br class=""><b class="">Filip Skokan</b></div></div><br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Thu, Nov 15, 2018 at 9:32 AM Filip Skokan <<a href="mailto:panva.ip@gmail.com" class="">panva.ip@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Some people may want to redirect back to a native app too.<div class=""><br clear="all" class=""><div class=""><div dir="ltr" class="m_6292397336799598426gmail_signature" data-smartmail="gmail_signature">Best,<br class=""><b class="">Filip</b></div></div><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Thu, Nov 15, 2018 at 2:10 AM John Bradley via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank" class="">openid-specs-ab@lists.openid.net</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I think it may be reasonable to allow a fragment in the post logout <br class="">
redirect. Some people will want to redirect back to a Single Page <br class="">
App. I need to think about it.<br class="">
<br class="">
On 11/14/2018 8:35 PM, Mike Jones via Openid-specs-ab wrote:<br class="">
> I agree that this should follow the same pattern as the redirect_uri - https, path permitted, query parameters permitted and preserved, fragment not permitted.<br class="">
> <br class="">
> Filip Skokan also pointed out that there is likewise no description of the syntax of initiate_login_uri. My sense is that should also be the same.<br class="">
><br class="">
> Other's thoughts?<br class="">
><br class="">
> -- Mike<br class="">
><br class="">
> -----Original Message-----<br class="">
> From: Openid-specs-ab <<a href="mailto:openid-specs-ab-bounces@lists.openid.net" target="_blank" class="">openid-specs-ab-bounces@lists.openid.net</a>> On Behalf Of Roland Hedberg via Openid-specs-ab<br class="">
> Sent: Wednesday, November 14, 2018 7:14 AM<br class="">
> To: <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank" class="">openid-specs-ab@lists.openid.net</a>> <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank" class="">openid-specs-ab@lists.openid.net</a>><br class="">
> Cc: Roland Hedberg <<a href="mailto:roland@catalogix.se" target="_blank" class="">roland@catalogix.se</a>><br class="">
> Subject: [Openid-specs-ab] post_logout_redirect_uri<br class="">
><br class="">
> Hi!<br class="">
><br class="">
> post_logout_redirect_uri are defined in <a href="https://openid.net/specs/openid-connect-session-1_0.html" rel="noreferrer" target="_blank" class="">https://openid.net/specs/openid-connect-session-1_0.html</a><br class="">
> and refreed to in <a href="https://openid.net/specs/openid-connect-frontchannel-1_0.html" rel="noreferrer" target="_blank" class="">https://openid.net/specs/openid-connect-frontchannel-1_0.html</a>.<br class="">
><br class="">
> In neither of these documents are there any specification of what a post_logout_redirect_uri is allowed to look like.<br class="">
><br class="">
> backchannel_logout_uri in <a href="https://openid.net/specs/openid-connect-backchannel-1_0.html" rel="noreferrer" target="_blank" class="">https://openid.net/specs/openid-connect-backchannel-1_0.html</a> is defined as:<br class="">
><br class="">
> ”The back-channel logout URI MUST be an absolute URI as defined by Section 4.3 of [RFC3986].<br class="">
> The back-channel logout URI MAY include an application/x-www-form-urlencoded formatted query component, per Section 3.4 of [RFC3986], which MUST be retained when adding additional query parameters.<br class="">
> The back-channel logout URI MUST NOT include a fragment component.”<br class="">
><br class="">
> The same goes for frontchannel_logout_uri in <a href="https://openid.net/specs/openid-connect-frontchannel-1_0.html" rel="noreferrer" target="_blank" class="">https://openid.net/specs/openid-connect-frontchannel-1_0.html</a><br class="">
><br class="">
> I would expect the same rule to apply to post_logout_redirect_uri.<br class="">
><br class="">
> -- Roland<br class="">
> "Education is the path from cocky ignorance to miserable uncertainty.” - Mark Twain<br class="">
><br class="">
><br class="">
><br class="">
> _______________________________________________<br class="">
> Openid-specs-ab mailing list<br class="">
> <a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" class="">Openid-specs-ab@lists.openid.net</a><br class="">
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank" class="">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br class="">
> _______________________________________________<br class="">
> Openid-specs-ab mailing list<br class="">
> <a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" class="">Openid-specs-ab@lists.openid.net</a><br class="">
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank" class="">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br class="">
_______________________________________________<br class="">
Openid-specs-ab mailing list<br class="">
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" class="">Openid-specs-ab@lists.openid.net</a><br class="">
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank" class="">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br class="">
</blockquote></div>
</blockquote></div>
_______________________________________________<br class="">Openid-specs-ab mailing list<br class=""><a href="mailto:Openid-specs-ab@lists.openid.net" class="">Openid-specs-ab@lists.openid.net</a><br class="">http://lists.openid.net/mailman/listinfo/openid-specs-ab<br class=""></div></blockquote></div><br class=""></div></body></html>