Proposed change to invalid redirect url test in all FAPI conformance suites
As per the discussion at https://bitbucket.org/openid/connect/issues/2045/certification-proposed-change-to-how the certification team propose to change the invalid url test such that we check that urls are the redirect url plus extra characters in the path are rejected as I believe this would detect more incorrect implementations than the current test does (see url for details).
Before doing so we should wanted to give the working group a chance to object. We plan to proceed if no objections are received within 2 weeks.
Comments (3)
-
-
reporter This was discussed on today’s FAPI call and there was no objection to making this change.
Nat did note that we might want to have more explicit text in FAPI 2 and hence https://bitbucket.org/openid/fapi/issues/629/fapi2-specify-that-redirect_uris-must-be was created.
-
reporter - changed status to resolved
Ticket raised to make this change to the suite ( https://gitlab.com/openid/conformance-suite/-/issues/1252 ), so closing this ticket.
- Log in to comment
Could you kindly explain it on the Oct 25 call?