Part 1 'require the redirect_uri parameter' could have a better wording

Issue #317 resolved
Joseph Heenan created an issue

This text in FAPI-R,

shall require the `redirect_uri` parameter in the authorization request;

can be read as the AS needing to require the redirect_uri specifically in a url parameter (rather than in a request object), which combines badly with PAR/JAR where you definitely don’t need to require it in a url parameter to the authorization endpoint. I’m pretty sure the intent is just that the redirect uri is explicitly stated somewhere, possibly we should tweak the language if we can find a better wording.

Comments (10)

  1. Joseph Heenan reporter

    Dave suggested just removing ‘parameter’. Seemed to be a consensus on that on today’s call.

  2. Log in to comment