On Mon, May 17, 2010 at 8:29 AM, Evan Gilbert <uid...@google.com> wrote:
> I'd like to get a standard for redirect URI matching, but think this may not
> be feasible - we are leaving the callback URI registration mechanism
> undefined and I've heard a number of different mechanisms that companies
> want to support.
> I think we should leave the matching undefined, possibly with a SHOULD for
> the most common matching mechanism (URL prefix?)
>
> I'm not hugely worried about incompatibilities between different AS on this
> front:
> 1. Clients will push us strongly towards compatible implementations.
> 2. Clients can always set up a redirector if needed for a specific AS (as an
> aside - we need a document detailing how to build a redirector properly
> without becoming an open redirector).

Isn't this saying that clients can always implement strict matching
and live with that? Why not require it then?

Marius
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to