Am 09.06.20 um 00:50 schrieb Benjamin Kaduk: > On Mon, Jun 08, 2020 at 11:15:07AM +0200, Daniel Fett wrote: >> Hi Filip, >> >> Thanks for your answers! >> >> I'm not quite sure if the wording in my question was clear: My main >> concern is the difference between >> https://example.com/some/path*/.well-known/oauth-authorization-server* >> and >> https://example.com*/.well-known/oauth-authorization-server*/some/path, >> i.e., the usage of the well-known URI as a postfix or as an infix. > .well-known is only defined at the root of the path component of a URI. > Usage such as > https://example.com/some/path*/.well-known/oauth-authorization-server* is > noncompliant with RFC 5785.
I know, but my impression is that since OIDC did it this way, some clients are expecting the same behavior for RFC8414. Thus the question if AS should be allowed or even required to offer the postfix variant in an ecosystem. -Daniel -- https://danielfett.de
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
