I likewise believe there is a lot of value in this work and support the document moving forward.
I reviewed -03 and have just a couple nits: Loopback URI Redirection in section 3 <https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03#section-7.3> (which the author is already aware of because he mentioned it to me) doesn't fully account for how a path component of the URI would be used to allow a client to use and rely on distinct per-AS redirect URIs. Appendix A.1. iOS Implementation Details <https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03#appendix-A.1> has "Clients SHOULD use Universal Links for authorization requests ... " but, in the context of what's being discussed there, shouldn't it say to use Universal Links for *redirect URIs*? Or am I confused here? On Sun, Jul 24, 2016 at 11:30 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi, > > generally, I considers this a highly valuable contribution and support to > move it forward. > > Some nits: > > section 7.3, last paragraph: "... as it is less susceptible > to misconfigured routing and client side firewalls Note ..." - I think > a period is missing between "firewalls" and "Note" potentially a line break > would be appropriate. > > section 8.2 - The term PKCE is used in the second paragraph but not > defined before the fourth paragraph. I suggest to define PKCE on first use. > > best regards, > Torsten. > > Am 21.07.2016 um 10:05 schrieb Hannes Tschofenig: > > Hi all, > > William has submitted an update, as promised during the OAuth WG session > on Monday. Hence, we will start a Last Call for comments on the "OAuth > 2.0 for Native Apps" specification. > > The document can be found > here:https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03 > > Please have your comments in no later than August 8th. > > Ciao > Hannes & Derek > > > > > > _______________________________________________ > OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
