Doing redirection in error conditions relates to OpenID Connect flows too.
There's been some related discussion recently about it in this issue:
https://bitbucket.org/openid/connect/issues/1023/clarify-that-returning-errors-to-the
On Tue, Mar 20, 2018 at 7:38 PM, Brian Campbell wrote:
> The str
On Wed, Mar 21, 2018 at 8:36 AM, Brian Campbell wrote:
> Doing redirection in error conditions relates to OpenID Connect flows too.
Also Mobile Connect. Those folks will be very upset by this change, I'm sure.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
The IESG has approved the following document:
- 'OAuth 2.0 Authorization Server Metadata'
(draft-ietf-oauth-discovery-10.txt) as Proposed Standard
This document is the product of the Web Authorization Protocol Working Group.
The IESG contact persons are Kathleen Moriarty and Eric Rescorla.
A U
Hi all,
thanks for your feedback. Here is my text proposal for section 3.8.1.
——
Attackers could try to utilize a user's trust in the authorization
server (and its URL in particular) for performing phishing attacks.
RFC 6749 already prevents open redirects by stating the AS
MUST NOT automa