> From: Eran Hammer-Lahav <[email protected]> > To: OAuth WG <[email protected]> > Date: 16-06-11 05:43 AM > Subject: [OAUTH-WG] Redirection URI and Implicit grant > Sent by: [email protected] > > This is coming from recent experience building a full web service > and multiple clients using OAuth 2.0. I am going to make these > changes to my own implementation and would like to raise the > questions here and discuss possible changes. > > A few questions: > > 1. Why not require the registration of a redirection URI for > implicit grant requests, removing the redirect_uri parameter > completely from the request (the client can still use the state parameter)?
I can imagine situations where one-or-more redirect URI's may be required rather than a single explicit URI. I think that either a child-urlpath-of-the-registered URI, and/or the ability to register multiple valid URI's for a particular client id allows this without being overly restrictive. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
