informative vs normative references
RFC6749, RFC8414 and RFC7591 are listed as informative references.
I wonder if they should be normative. I found guidance at https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/ that would suggest at least 6749 should be normative I think.
Comments (7)
-
reporter -
Yeah, RFC6749 should be normative at least. In a way it kind of is as a transitive normative reference from OIDC core (same with RFC7231 really). But I digress, RFC6749 should just move to normative.
RFC8414 and RFC7591 are less obvious (to me anyway) but I’m inclined to leave them informative.
-
In the context of the context of the discussion from which this arose, IMHO RFC7591 and not requiring
redirect_uris
in cases where aredirect_uri
won’t be used and isn't needed is the way to go.
-
PR #14 moves the RFC6749 reference to normative
-
0d23754 moves the RFC6749 reference to normative in main and fixes some other tooling problems resolving references
-
-
assigned issue to
-
assigned issue to
-
- changed status to resolved
issue fixed
- Log in to comment
This arose in the context of a discussion of the certifications tests, which optionally use DCR in the FAPI-CIBA tests, and whether
redirect_uris
is required (as per https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration ) or optional (as per https://datatracker.ietf.org/doc/html/rfc7591#section-2).I’m tempted to go with ‘optional’ as per RFC7591 but other opinions welcome.