openid / connect / issues / #350 - Standard 2.3.1 - Does request_uri have to be HTTPS? — Bitbucket

Issue #350 resolved

Michael Jones created an issue 2011-11-21

Doesn't the request file have to be protected by TLS to prevent tampering? If so, the spec needs to say so. (If not, the spec should probably say why not.)

Comments (2)

Nat Sakimura
- assigned issue to
  
  John Bradley
- changed status to open
- 2011-11-22T00:20:28+00:00
John Bradley
- changed status to resolved
fixes ~~#350~~ Sec 2.3.1.3 Clarify request_uri needs to be https unless the JWT is signed. re ~~#379~~ Sec 2.3.1.3 Clarify request_uri dosen't need to be globally reachable

→ 1091e590530a
- 2011-11-23T21:38:21+00:00
Log in to comment

Assignee: John Bradley

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!