On Mon, May 17, 2010 at 8:29 AM, Evan Gilbert <uid...@google.com> wrote: > I'd like to get a standard for redirect URI matching, but think this may not > be feasible - we are leaving the callback URI registration mechanism > undefined and I've heard a number of different mechanisms that companies > want to support. > I think we should leave the matching undefined, possibly with a SHOULD for > the most common matching mechanism (URL prefix?) > > I'm not hugely worried about incompatibilities between different AS on this > front: > 1. Clients will push us strongly towards compatible implementations. > 2. Clients can always set up a redirector if needed for a specific AS (as an > aside - we need a document detailing how to build a redirector properly > without becoming an open redirector).
Isn't this saying that clients can always implement strict matching and live with that? Why not require it then? Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth