Hi Pawel,
thanks for the invitation.
I'm very busy Wednesday but, hopefully, I should be free for that time.
In addition to the opportunity to have a separate draft about some kind
of clients (as you may remember, this was my first recommendation), I
would like to put something else on the table.
I think we should check if the current spec is compliant with the best
practices described here
<https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps>.
After a quick reading, a first big doubt from my side is about what is
stated in section 4 regarding "redirect URIs".
Browser-based applications:
* MUST Register one or more redirect URIs, and use only exact
registered redirect URIs in authorization requests
Now, it's clear to me that, in the OpenID model we are working on, the
RDAP server acts as an RP and is the one submitting requests to the AS
but it can't use a fixed set of redirect_uri values.
Best,
Mario
On 07/11/2022 11:33, Pawel Kowalik wrote:
Hi,
If anyone is interested in discussing this draft and the current
issues in more depth than the WG session time would allow on
Thursday Scott and I will be setting up a public side meeting during
IETF 115.
Wednesday 9 November 16:30 - 17.00 (UTC +0) in Richmond 6.
Online Link
https://us02web.zoom.us/j/82146104492?pwd=R2x3K0FjQjNmZjl4bmlMeGZWdVNOUT09
Kind Regards,
Pawel
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
--
Dott. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo