what is authenticity and integrity of the redirect URI?
Issue #343
resolved
Baseline has "shall require the redirect_uri parameter in authorization requests and evaluate only this parameter to ensure authenticity and integrity of the redirect URI"
What does "evaluate only this parameter to ensure authenticity and integrity" mean? I don't know and don't know how I'd do it. I'm guessing this text is somehow related to wanting to allow non-static redirect URIs to be sent in authenticated PAR. But I can't tell what it actually means or how one would conform to this (other than requiring the redirect_uri parameter).
As discussed on the call:
- Leave redirect_uri as a required parameter (only edge cases when it can be left out, mandatory in OIDC)
- Leave AS behavior of non-registered redirect_uris up to the AS
- PAR should have a more descriptive error message
(quoting the reporter) PAR should have a more descriptive error message
see https://mailarchive.ietf.org/arch/msg/oauth/bxPK--atBjdIhoBYZ6t2yxBN57s/
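To make the resolution above concrete (redirect_uri stays required, handling of unregistered values is the AS's own policy, and PAR returns a descriptive error), here is an added example of an authorization server's PAR-side check. It is not code from the FAPI profile or from any participant in this thread; the client registry, the exact-match policy and the error texts are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed example client registration (hypothetical data, not from the issue).
REGISTERED_CLIENTS = {
    "client-abc": {
        "redirect_uris": [
            "https://app.example.com/callback",
            "https://app.example.com/callback2",
        ]
    }
}


def validate_par_redirect_uri(client_id: str, params: dict) -> Optional[dict]:
    """Check the redirect_uri of a pushed authorization request (PAR).

    Returns None when the request is acceptable, otherwise an OAuth error
    object with a descriptive error_description, which is what the issue
    asked for. The policy choices here (exact string match, reject
    unregistered URIs) are one AS's choice, not something the issue mandates.
    """
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return {"error": "invalid_client",
                "error_description": "unknown client_id"}

    # Per the resolution: redirect_uri remains a required parameter.
    redirect_uri = params.get("redirect_uri")
    if not redirect_uri:
        return {"error": "invalid_request",
                "error_description": "redirect_uri parameter is required"}

    # Accept only absolute https URIs with no fragment component.
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        return {"error": "invalid_request",
                "error_description": "redirect_uri must be an absolute https URI without a fragment"}

    # Exact string comparison against the registered values; no prefix or
    # pattern matching, so path or host variations are not silently accepted.
    if redirect_uri not in client["redirect_uris"]:
        return {"error": "invalid_request",
                "error_description": "redirect_uri does not match a registered redirect URI for this client"}
    return None
```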
- changed status to resolved
Fix Issue #343 → <<cset bf4e34868dc2>>
- changed component to FAPI2: Security Profile
I agree that it's a bit confusing. Do we not just need the first part: “shall require the redirect_uri parameter in authorization requests”?