FAPI part 2 - request_uri mandatory or optional?
Issue #156
resolved
Comments (13)
-
-
reporter
The spec states "In addition, the authorization server, for the Write operation, ... shall require the request or request_uri parameter to be passed as a JWS signed JWT as in clause 6 of [OIDC];"
My interpretation of this statement is that the AS expects the RP to send request or request_uri. Since request_uri is not mandatory to implement, it only makes sense to require request_uri if the AS supports it.
-
reporter
-
assigned issue to
Torsten Lodderstedt
-
assigned issue to
-
reporter
-
assigned issue to
Nat Sakimura
please review the pull request
-
assigned issue to
-
- changed status to open
Which pull request? Could you give me the number?
-
reporter
-
reporter
-
assigned issue to
Torsten Lodderstedt
-
assigned issue to
-
reporter
modified wording
-
reporter
-
assigned issue to
Nat Sakimura
-
assigned issue to
-
- changed status to resolved
closed by
#63 -
- changed component to Part 2: Advanced
-
- changed component to FAPI 1 – Part 2: Advanced
-
- changed component to FAPI 1: Advanced
- Log in to comment
Could you explain a bit more on the reasoning for "enforcing" "request_uri"?