-
assigned issue to
- changed status to open
Discovery 3.4 - Simple Web Discovery endpoint unreachable fallback dangerous
Issue #286
resolved
The Discovery draft currently says:
3.4. Error
If the Simple Web Discovery endpoint is unreachable or returns an error, then the RP may prepend https: to the host from Sec 3.1 and use that as the issuer.
This seems dangerous. This fallback "discovery" mechanism should be deleted.
Comments (2)
-
-
reporter - changed status to resolved
Fix
#286Discovery 3.4 - Simple Web Discovery endpoint unreachable fallback dangerous - Log in to comment