<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Regarding <br>
</p>
<p>
<blockquote type="cite">Fixed #2026: Clarified description of
loopback hostnames for native applications.</blockquote>
</p>
<p>I noticed that in OIDC Core the change was applied to the
implicit flow and the code flow section was not changed.<br>
</p>
<p><a class="moz-txt-link-freetext" href="https://bitbucket.org/openid/connect/pull-requests/620">https://bitbucket.org/openid/connect/pull-requests/620</a><br>
</p>
<p><a class="moz-txt-link-freetext" href="https://openid.net/specs/openid-connect-core-1_0-33.html#ImplicitAuthRequest">https://openid.net/specs/openid-connect-core-1_0-33.html#ImplicitAuthRequest</a></p>
<p>
<blockquote type="cite">
<dl>
<dt>redirect_uri</dt>
<dd> REQUIRED. Redirection URI to which the response will be
sent. This URI MUST exactly match one of the Redirection URI
values for the Client pre-registered at the OpenID Provider,
with the matching performed as described in Section 6.2.1 of
<a class="info"
href="https://openid.net/specs/openid-connect-core-1_0-33.html#RFC3986">[RFC3986]</a>
(Simple String Comparison). When using this flow, the
Redirection URI MUST NOT use the <tt>http</tt> scheme
unless the Client is a native application, in which case it
MAY use the <tt>http</tt> scheme with <tt>localhost</tt>
or the IP loopback literals <tt>127.0.0.1</tt> or <tt>[::1]</tt>
as the hostname. </dd>
</dl>
</blockquote>
</p>
<p>I was expecting that this errata would apply to the code flow as
well, and that the redirect_uri spec here would be aligned with the
updated application_type spec in OIDC Dynamic Client Registration.
I think this is crucial; developers today are typically concerned
with the code flow.<br>
</p>
<p><a class="moz-txt-link-freetext" href="https://openid.net/specs/openid-connect-core-1_0-33.html#AuthRequest">https://openid.net/specs/openid-connect-core-1_0-33.html#AuthRequest</a></p>
<p>
<blockquote type="cite">
<dl>
<dt>redirect_uri</dt>
<dd> REQUIRED. Redirection URI to which the response will be
sent. This URI MUST exactly match one of the Redirection URI
values for the Client pre-registered at the OpenID Provider,
with the matching performed as described in Section 6.2.1 of
<a class="info"
href="https://openid.net/specs/openid-connect-core-1_0-33.html#RFC3986">[RFC3986]</a>
(Simple String Comparison). When using this flow, the
Redirection URI SHOULD use the <tt>https</tt> scheme;
however, it MAY use the <tt>http</tt> scheme, provided that
the Client Type is <tt>confidential</tt>, as defined in
Section 2.1 of OAuth 2.0, and provided the OP allows the use
of <tt>http</tt> Redirection URIs in this case. The
Redirection URI MAY use an alternate scheme, such as one
that is intended to identify a callback into a native
application. </dd>
</dl>
</blockquote>
</p>
<pre class="moz-signature" cols="72">Vladimir Dzhuvinov</pre>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 22/10/2023 02:26, Michael Jones via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MW4PR02MB742842206F24B82D95376617B7DAA@MW4PR02MB7428.namprd02.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">The 45-day foundation-wide review is now
under way, as announced at
<a
href="https://openid.net/review-second-proposed-errata-openid-connect-specifications/"
moz-do-not-send="true" class="moz-txt-link-freetext">
https://openid.net/review-second-proposed-errata-openid-connect-specifications/</a>
and
<a
href="https://twitter.com/openid/status/1715869175376396543"
moz-do-not-send="true" class="moz-txt-link-freetext">https://twitter.com/openid/status/1715869175376396543</a>.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks to Mike Leszcz for making the blog
post.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">
-- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="mso-ligatures:none">From:</span></b><span
style="mso-ligatures:none"> Openid-specs-ab
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab-bounces@lists.openid.net">&lt;openid-specs-ab-bounces@lists.openid.net&gt;</a>
<b>On Behalf Of </b>Michael Jones via Openid-specs-ab<br>
<b>Sent:</b> Monday, October 2, 2023 6:19 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Cc:</b> Michael Jones
<a class="moz-txt-link-rfc2396E" href="mailto:michael_b_jones@hotmail.com">&lt;michael_b_jones@hotmail.com&gt;</a><br>
<b>Subject:</b> [Openid-specs-ab] WGLC for candidate
OpenID Connect errata correction drafts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This note begins a two-week Working Group
Last Call (WGLC) for the candidate errata correction drafts
below. The WGLC concludes as of the working group call on
Monday, October 16.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Please let us know if you believe that any
changes need to be made to these drafts before the
Foundation-wide 45-day review for them. Please identify any
proposed changes by filing issues at
<a
href="https://bitbucket.org/openid/connect/issues?status=new&amp;status=open"
moz-do-not-send="true">https://bitbucket.org/openid/connect/issues?status=new&amp;status=open</a>
marked with the Errata milestone.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This should put us on track to have
approved errata drafts published by the second week of
December.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> --
Mike (writing as co-chair)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="mso-ligatures:none">From:</span></b><span
style="mso-ligatures:none"> Michael Jones
<br>
<b>Sent:</b> Sunday, October 1, 2023 12:26 AM<br>
<b>To:</b> <a
href="mailto:openid-specs-ab@lists.openid.net"
moz-do-not-send="true" class="moz-txt-link-freetext">openid-specs-ab@lists.openid.net</a><br>
<b>Cc:</b> Gail Hodges &lt;<a
href="mailto:gail@oidf.org" moz-do-not-send="true"
class="moz-txt-link-freetext">gail@oidf.org</a>&gt;;
Mike Leszcz &lt;<a href="mailto:mike.leszcz@oidf.org"
moz-do-not-send="true" class="moz-txt-link-freetext">mike.leszcz@oidf.org</a>&gt;<br>
<b>Subject:</b> Second candidate OpenID Connect errata
correction drafts published<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’ve published drafts incorporating all the
additional errata corrections that have been approved for the
OpenID Connect family of specifications since the first set of
candidate drafts were published on August 13<sup>th</sup>.
This puts us on the doorstep of publishing our second errata
set for OpenID Connect and for submission to ISO as Publicly
Available Specification (PAS) standards.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The drafts incorporating the errata
corrections are:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><a
href="https://openid.net/specs/openid-connect-core-1_0-33.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-core-1_0-33.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><a
href="https://openid.net/specs/openid-connect-discovery-1_0-36.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-discovery-1_0-36.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><a
href="https://openid.net/specs/openid-connect-registration-1_0-38.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-registration-1_0-38.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><a
href="https://openid.net/specs/openid-connect-backchannel-1_0-12.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-backchannel-1_0-12.html</a><o:p></o:p></li>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The History sections of the specs describe
each of the changes made. If you want to see the precise
changes incorporated, I suggest using your favorite
HTML-capable diff tool (such as Microsoft Word) and comparing
the baseline docs below to the ones above:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l5 level1 lfo6"><a
href="https://openid.net/specs/openid-connect-core-1_0-errata1.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-core-1_0-errata1.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l5 level1 lfo6"><a
href="https://openid.net/specs/openid-connect-discovery-1_0-errata1.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-discovery-1_0-errata1.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l5 level1 lfo6"><a
href="https://openid.net/specs/openid-connect-registration-1_0-errata1.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-registration-1_0-errata1.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l5 level1 lfo6"><a
href="https://openid.net/specs/openid-connect-backchannel-1_0-final.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-backchannel-1_0-final.html</a><o:p></o:p></li>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Diffs are also possible for the .txt and
.xml versions of the specs; just substitute “html” in the URLs
above for “txt” or “xml” and use your favorite diff tool.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I plan to ask for working group review of
these changes during Monday’s working group call. Following
the working group review, we’ll hold the foundation-wide
45-day proposed errata review and then the approval vote.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">
-- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">P.S. Our two Implementer’s Guides were
also updated in parallel to keep them current with the
versions incorporating errata corrections. The corresponding
versions are:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo9"><a
href="https://openid.net/specs/openid-connect-basic-1_0-45.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-basic-1_0-45.html</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo9"><a
href="https://openid.net/specs/openid-connect-implicit-1_0-28.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-implicit-1_0-28.html</a><o:p></o:p></li>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
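<p>Added example, not part of the original message or of the OpenID specifications: a literal reading of the two <tt>redirect_uri</tt> paragraphs quoted above from draft 33, applied to the same native-app loopback URI so the difference between the implicit flow and code flow text is visible. The function names, parameters and sample URIs are constructed for illustration.</p>

```python
from urllib.parse import urlsplit

# Loopback hosts named in the implicit flow text quoted above.
# urlsplit() returns the IPv6 literal without its brackets.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def scheme_allowed(flow, redirect_uri, application_type="web",
                   client_type="public", op_allows_http=False):
    """Apply the scheme rule of the quoted draft-33 text for one flow."""
    parts = urlsplit(redirect_uri)
    if parts.scheme.lower() != "http":
        return True  # both quoted paragraphs restrict only the http scheme
    if flow == "implicit":
        # http only for a native application on a loopback hostname
        return application_type == "native" and parts.hostname in LOOPBACK_HOSTS
    if flow == "code":
        # http only for a confidential client, and only if the OP allows it
        return client_type == "confidential" and op_allows_http
    raise ValueError("unknown flow: " + flow)


def check_redirect_uri(flow, redirect_uri, registered, **client):
    """Exact match (Simple String Comparison) first, then the scheme rule."""
    if redirect_uri not in registered:
        return "reject: not an exact match of a registered URI"
    if not scheme_allowed(flow, redirect_uri, **client):
        return "reject: http not permitted in the " + flow + " flow text"
    return "accept"


def compare_flows(redirect_uri, registered, **client):
    """Run the same request through both quoted paragraphs."""
    return {flow: check_redirect_uri(flow, redirect_uri, registered, **client)
            for flow in ("implicit", "code")}


# Constructed sample registration for a hypothetical native client.
REGISTERED = ["http://127.0.0.1:49152/cb", "https://client.example/cb"]

if __name__ == "__main__":
    native = {"application_type": "native", "client_type": "public"}
    for uri in REGISTERED + ["https://client.example/cb/"]:
        print(uri, compare_flows(uri, REGISTERED, **native))
```

<p>Under this reading a public native client's loopback <tt>http</tt> URI is accepted by the implicit flow paragraph and rejected by the code flow paragraph, which is the misalignment the message raises.</p>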
</body>
</html>