Core - 3.1.2.6 para 3: Clarification proposal

Issue #999 resolved
Nat Sakimura created an issue

Paragraph 3 states:

Unless the Redirection URI is invalid, the Authorization Server returns the Client to 
the Redirection URI specified in the Authorization Request with the appropriate 
error and state parameters. Other parameters SHOULD NOT be returned.

It is ambiguous on what is to be done if the Redirection URI is invalid.

Propose adding:

If the Redirection URI is invalid, the Authorization Server MUST NOT 
return the user to the Redirection URI provided in the Authorization Request.
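
An added example (not part of the issue or the specification text): one way an Authorization Server could implement the behaviour the proposal describes. It assumes the Authorization Code Flow (error parameters carried in the query string) and exact-match validation against pre-registered URIs; the client registry, function names and URIs are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed client registry: client_id -> set of pre-registered redirect URIs.
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://client.example.org/cb"},
}


def redirect_uri_is_valid(client_id, redirect_uri):
    """Exact string comparison against the client's registered URIs."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    return bool(redirect_uri) and redirect_uri in registered


def authorization_error_response(client_id, redirect_uri, error, state=None):
    """Decide how to deliver an Authorization Error Response.

    Returns ("redirect", url) when the Redirection URI is valid, otherwise
    ("local_error", message), which the server renders itself.
    """
    if not redirect_uri_is_valid(client_id, redirect_uri):
        # Proposed rule: MUST NOT return the user to the supplied URI.
        # The message deliberately does not echo the untrusted value.
        return ("local_error", "The redirect_uri in this request is not valid.")

    # Valid URI: return only error and state, no other parameters.
    params = [("error", error)]
    if state is not None:
        params.append(("state", state))

    parts = urlsplit(redirect_uri)
    # Preserve any query component that is part of the registered URI.
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    return ("redirect", urlunsplit(parts._replace(query=urlencode(query))))


if __name__ == "__main__":
    # Constructed requests: one registered URI, one unregistered URI.
    print(authorization_error_response(
        "client-123", "https://client.example.org/cb", "login_required", "af0ifjsldkj"))
    print(authorization_error_response(
        "client-123", "https://other.example.net/cb", "login_required", "af0ifjsldkj"))
```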
