Discovery 3.4 - Simple Web Discovery endpoint unreachable fallback dangerous

Issue #286 resolved
Michael Jones
created an issue

The Discovery draft currently says:

3.4. Error

If the Simple Web Discovery endpoint is unreachable or returns an error, then the RP may prepend https: to the host from Sec 3.1 and use that as the issuer.

This seems dangerous. This fallback "discovery" mechanism should be deleted.

Comments (2)

  1. Log in to comment