There is a lot of effort associated with the handling and correct validation of a redirect_uri sent to the AS as part of the front channel authorization request, as this gets transported by user agents.
The draft-parecki-oauth-v2-1, as a replacement of RFC 6749, must make sure redirect_uri is only sent to the AS through the back channel. This of course requires the implementation of a new "authorization request initiation endpoint". The draft-ietf-oauth-par-01 provides guidance on how to design this initiation endpoint.

--
Francis Pouatcha
Co-Founder and Technical Lead at adorsys
https://adorsys-platform.de/solutions/
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
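The flow the message above proposes, as an added example (not code from either draft or from the poster): the client pushes redirect_uri over an authenticated back channel, the AS validates it by exact match, and the user agent only ever carries client_id and an opaque request_uri. The client registry, secret, endpoint URL, 60-second lifetime and function names are constructed assumptions.

```python
import secrets
import time
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed client registration (hypothetical client, secret and URI).
CLIENTS = {"client-123": {"secret": "s3cr3t",
                          "redirect_uris": {"https://client.example/cb"}}}
PUSHED = {}  # request_uri -> stored authorization request


class RequestError(Exception):
    pass


def push_authorization_request(client_id, client_secret, params, now=None):
    """Back channel: the authenticated client sends the full request."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        raise RequestError("invalid_client")
    # Exact string match against registered values, no prefix or pattern logic.
    if params.get("redirect_uri") not in client["redirect_uris"]:
        raise RequestError("invalid_request: redirect_uri not registered")
    request_uri = "urn:ietf:params:oauth:request_uri:" + secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    PUSHED[request_uri] = {"client_id": client_id, "params": dict(params),
                           "expires": now + 60}
    return {"request_uri": request_uri, "expires_in": 60}


def front_channel_url(authorize_endpoint, client_id, request_uri):
    """What the user agent transports: a reference, never redirect_uri."""
    return authorize_endpoint + "?" + urlencode(
        {"client_id": client_id, "request_uri": request_uri})


def handle_authorize(url, now=None):
    """Front channel: resolve the reference and return the stored redirect_uri."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "redirect_uri" in query:  # models the proposal: back channel only
        raise RequestError("invalid_request: redirect_uri on front channel")
    stored = PUSHED.pop(query.get("request_uri"), None)  # one-time use
    now = time.time() if now is None else now
    if (stored is None or stored["client_id"] != query.get("client_id")
            or stored["expires"] < now):
        raise RequestError("invalid_request_uri")
    return stored["params"]["redirect_uri"]
```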