-
assigned issue to
s/URL/URI/g in Core: 6.2.1
While we intended that request_uri is an URI as the name suggest, the text still uses “URL”. It actually is kind of ok as it needs to be dereferenceable by the AS, but that does not mean that it needs to be HTTPS reachable. However, in the past, I have seen a lot of people interpreting URL as https://…
To mitigate the misunderstanding, I suggest changing URL to URI. While it will broaden the meaning, it should be fine as it is constrained within the text of 6.2 as
The request_uri
value MUST be reachable by the Authorization Server,
Comments (5)
-
reporter -
It could be a URN (and is already in at least one implementation) in case of PAR, so changing URL to URI makes a lot of sense to me.
-
reporter - changed status to open
Mike to take care of it in the errata.
-
Will be fixed by https://bitbucket.org/openid/connect/pull-requests/582
-
- changed status to resolved
- Log in to comment