- edited description
Registration 4.1. application_url (Normative)
We would like the client to be able to register an url for accessing the application.
We expect our OP to have the url available at the end-users associated RPs page.
Comments (10)
-
reporter -
reporter - marked as proposal
-
Casper,
How is this different from js_origin_uri? We do not understand what you are asking for. Is the URI intended for human or programmatic consumption?
Please provide a normative text change.
-
-
assigned issue to
-
assigned issue to
-
reporter Sorry for the delay.
It's for human consumption along with application_name.
Eg.
- Ebay as RP may register "http://www.ebay.com".
- Office 365 as RP may register "http://www.microsoft.com/office365/"
- Adao File Manager as RP may register "https://market.android.com/details?id=com.adao.android.afm"
The OP can then provide the End-User with a non-technical links to his registered RPs (for maintenance, convenience and anti-phishing).
-
- changed status to wontfix
Not required for implementers draft. Review later.
-
reporter - changed status to open
Changing it to on-hold instead.
-
reporter - changed status to on hold
-
- changed status to open
The problem with this is that it would require a method of validating that the display value is actually associated with the RP. The return_to URL at least is validated. Adding this likely introduces more security issues than it fixes.
-
- changed status to wontfix
Agreed. This would probably cause security problem.
- Log in to comment