Registration 4.1. application_url (Normative)

Issue #220 wontfix
Casper Biering
created an issue

We would like the client to be able to register an url for accessing the application.

We expect our OP to have the url available at the end-users associated RPs page.

Comments (10)

  1. Nat Sakimura


    How is this different from js_origin_uri? We do not understand what you are asking for. Is the URI intended for human or programmatic consumption?

    Please provide a normative text change.

  2. Michael Jones
    • changed status to open

    The problem with this is that it would require a method of validating that the display value is actually associated with the RP. The return_to URL at least is validated. Adding this likely introduces more security issues than it fixes.

  3. Log in to comment