- changed status to open
Registration 4.1 redirect_uri should be REQUIRED rather than OPTIONAL
OAuth 2.0 (draft 22) required redirect_uri registration for public clients and confidential clients which utilize implicit flow. http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.1.2.2
So Connect should also require redirect_uri at dynamic client registration. It can still be OPTIONAL for confidential clients which won't utilize implicit flow, though.
Comments (6)
- changed status to resolved
Fix #300 - Registration 4.1 redirect_uri should be REQUIRED rather than OPTIONAL
- changed status to open
The reason this was optional is for clients that use other flows or post message.
A public client needs to register js_origin_uri or redirect_uri
It is optional for the code flow.
I don't think making it REQUIRED for everything is correct.
reporter OK, so "either redirect_uri or js_origin_uri is REQUIRED"? I got only "type" and "contact" from a RP last week, and I had no idea what should happen in that case.
-
- changed status to resolved
fixes #300 removed js_origin_uri Made redirect_uri required only for fragment encoded responses
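One way an OP could enforce the rule discussed in this issue when an authorization request arrives, as an added example (not code from the spec or from any implementation). The stored client record, its `public` flag and the list stored under `redirect_uri` are assumptions, and the `rp.example` URIs are constructed.

```python
from urllib.parse import urlsplit

# response_type values whose results are returned in the URI fragment.
FRAGMENT_RESPONSE_TYPES = {"token", "id_token"}

def well_formed(uri):
    """OAuth 2.0 redirection URIs must be absolute and carry no fragment."""
    parts = urlsplit(uri)
    return bool(parts.scheme and parts.netloc) and "#" not in uri

def check_redirect(client, response_type, requested_uri):
    """Return (allowed, reason) for one authorization request.

    `client` is a hypothetical stored registration:
    {"public": bool, "redirect_uri": [registered values]}.
    """
    registered = client.get("redirect_uri") or []
    fragment = bool(FRAGMENT_RESPONSE_TYPES & set(response_type.split()))
    if client.get("public") or fragment:
        # Public clients and fragment-encoded responses need a registration.
        if not registered:
            return False, "no redirect_uri registered for this client"
        if requested_uri not in registered:  # exact string comparison only
            return False, "redirect_uri does not match a registered value"
        return True, "matches registered redirect_uri"
    # Confidential client using the code flow: registration is optional.
    if registered and requested_uri not in registered:
        return False, "redirect_uri does not match a registered value"
    if not requested_uri or not well_formed(requested_uri):
        return False, "redirect_uri must be an absolute URI without a fragment"
    return True, "accepted for code flow"

# Constructed record for a registration that sent only "type" and "contact".
BARE_CLIENT = {"public": False, "redirect_uri": []}
```

With `BARE_CLIENT`, a `code` request is accepted while any `response_type` containing `token` or `id_token` is refused, which is the behaviour the final resolution describes.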