Re: [OAUTH-WG] redircet_uri matching algorithm

+1 Best regards, Don Donald F. Coffin Founder/CTO REMI Networks 2335 Dunwoody Crossing Suite E Dunwoody, GA 30338-8221 Phone: (949) 636-8571 Email: donald.cof...@reminetworks.com From: Bill Mills [mailto:wmills_92...@yahoo.c

Re: [OAUTH-WG] redircet_uri matching algorithm

- Original Message - > From: "Antonio Sanso" > To: "John Bradley" > Cc: oauth@ietf.org > Sent: Thursday, May 21, 2015 4:41:28 AM > Subject: Re: [OAUTH-WG] redircet_uri matching algorithm > > > On May 21, 2015, at 4:35 AM, John Bradley wrote: > > > I think the correct answer is that c

Re: [OAUTH-WG] redircet_uri matching algorithm

+1 On Thursday, May 21, 2015 12:29 PM, Mike Jones wrote: +1 I vehemently concur that that working group should stay completely clear of facilitating this insecure practice.                 -- Mike -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf O

Re: [OAUTH-WG] redircet_uri matching algorithm

+1 I vehemently concur that that working group should stay completely clear of facilitating this insecure practice. -- Mike -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Antonio Sanso Sent: Thursday, May 21, 2015 12:41 AM To:

Re: [OAUTH-WG] redircet_uri matching algorithm

On May 21, 2015, at 4:35 AM, John Bradley wrote: > I think the correct answer is that clients should always assume exact > redirect_uri matching, and servers should always enforce it. > > Anything else is asking for trouble. FWIW I completely agree with John here… regards antonio > > I