Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-17 Thread Marius Scurtescu
On Wed, Jun 15, 2011 at 7:36 PM, Manger, James H wrote:
> It seems like an authorization server receiving a request with an
> unregistered redirect_uri of https://example.org/ can tell the user:
>
>   “Permission will be passed to your browser then onto *example.org*”
>
> An authorization

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-17 Thread Marius Scurtescu
On Wed, Jun 15, 2011 at 6:09 PM, Eran Hammer-Lahav wrote:
>
>> -Original Message-
>> From: Shane B Weeden [mailto:swee...@au1.ibm.com]
>> Sent: Wednesday, June 15, 2011 3:19 PM
>> To: Eran Hammer-Lahav
>> Cc: OAuth WG
>> Subject: Re: [OAUTH

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-16 Thread Eran Hammer-Lahav
I think we want the same thing and I can adjust my proposal to align with your comments below. I'll post in a separate thread.

EHL

From: Brian Eaton [mailto:bea...@google.com]
Sent: Thursday, June 16, 2011 9:19 AM
To: Eran Hammer-Lahav
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Redirection UR

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-16 Thread Brian Eaton
On Wed, Jun 15, 2011 at 12:37 PM, Eran Hammer-Lahav wrote:
> 1. Why not require the registration of a redirection URI for implicit grant
> requests, removing the redirect_uri parameter completely from the request
> (the client can still use the state parameter)?
>

As others have stated, this is a

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-15 Thread Eran Hammer-Lahav
I would be interested in working out a solution where client identifier is just the redirection URI registered (or not), which would completely decouple client authentication from the rest of the flow. But that's a much bigger change.

EHL

From: Manger, James H [mailto:james.h.man...@team.telstr

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-15 Thread Manger, James H
It seems like an authorization server receiving a request with an unregistered redirect_uri of https://example.org/ can tell the user:

  "Permission will be passed to your browser then onto *example.org*"

An authorization server receiving a request with a registered redirect_uri of https://

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-15 Thread Eran Hammer-Lahav
> -Original Message-
> From: Shane B Weeden [mailto:swee...@au1.ibm.com]
> Sent: Wednesday, June 15, 2011 3:19 PM
> To: Eran Hammer-Lahav
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Redirection URI and Implicit grant
>
> > From: Eran Hammer-Lahav
> > To: O

Re: [OAUTH-WG] Redirection URI and Implicit grant

2011-06-15 Thread Shane B Weeden
> From: Eran Hammer-Lahav
> To: OAuth WG
> Date: 16-06-11 05:43 AM
> Subject: [OAUTH-WG] Redirection URI and Implicit grant
> Sent by: oauth-boun...@ietf.org
>
> This is coming from recent experience building a full web service
> and multiple clients using OAuth 2.0.

[OAUTH-WG] Redirection URI and Implicit grant

2011-06-15 Thread Eran Hammer-Lahav
This is coming from recent experience building a full web service and multiple clients using OAuth 2.0. I am going to make these changes to my own implementation and would like to raise the questions here and discuss possible changes.

A few questions:

1. Why not require the registration of a r