openid / mobile / issues / #84 - CIBA: Redirects and the Client Notification Endpoint — Bitbucket

Issue #84 resolved

Dave Tonge created an issue 2018-09-11

I just want to check the reasoning for the current wording:

The Client SHOULD NOT return an HTTP 3xx code. 
The OP SHOULD NOT follow redirects.
All redirects MUST be HTTPS.

I think this is saying:

Client shouldn't have any redirects on their notification endpoint
OPs shouldn't follow redirects if the client ignores this
Even there are redirects then they must be HTTPS

Is my understanding correct and is the WG happy with this approach?

Comments (6)

Dave Tonge reporter
There was discussion of this and an agreement that redirects should not be allowed.
- 2018-09-11T19:13:59+00:00
Dave Tonge reporter
- assigned issue to
  
  Dave Tonge
- 2018-09-11T19:14:20+00:00
Gonzalo Fernández
So, If I understand well, only the 3rd sentence must change?, maybe dissapear?
- 2018-09-13T11:36:48+00:00
Dave Tonge reporter
yes - I'll open a pull request
- 2018-09-19T15:29:36+00:00
Dave Tonge reporter
https://bitbucket.org/openid/mobile/pull-requests/17/redirects/diff

But only this commit is relevant: https://bitbucket.org/dgtonge/mobile/commits/5b7704f72483026e909d6e49827c4d6764df5c71?at=default
- 2018-09-21T08:40:07+00:00
Brian Campbell
- changed status to resolved
revolved by merging pull request #17
- 2018-10-01T10:46:08+00:00
Log in to comment

Assignee: Dave Tonge

Type: bug

Priority: minor

Status: resolved

Component: CIBA

Milestone: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!