The minutes from the special meeting included:
TODO: Eran to add extensibility language for this based on requirements.
- "RedirectURI" should be optional
TODO: Eran to send mail to the list proposing language changes to either change
this from REQUIRED to OPTIONAL and add clarifying language, or leave as
required and add a pre-defined value for "we're not actually using this".

Is this proposed change just limited to section 4.5? It seems to make sense to
have redirect_uri be optional in section 4.1.3 as well (access token request
using grant_type authorization code). Since this request is made directly from
the client to the authorization server, I don't see why this would be required.
For at least some implementations of the 3-legged flow, it would make sense to
not have this be a requirement.
Comments?
Thanks,
-- Mike
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth