> > 2. What is the error if a client_id using this scheme on the authorization > endpoint isn't acceptable? "unauthorized_client"? >
There's no "error" returned. A rendered error page is expected since there's no client ergo no validated redirect_uri. S pozdravem, *Filip Skokan* On Sat, 11 Oct 2025 at 21:43, Michael Sweet <msweet= [email protected]> wrote: > All, > > I finally had a chance to look through this latest (adopted) draft, and I > like the simplicity this brings over dynamic client registration. That > said, I have a couple quick comments/questions: > > 1. What about PKCE/OpenID "native" authorization with a redirect URI of " > http://127.0.0.1/some/path";? There is discussion of "maybe the AS will > require same-origin URIs" but that would preclude native auth flows. Would > be nice to talk about it and, if optional, have some guidance about what > the AS does. > > 2. What is the error if a client_id using this scheme on the authorization > endpoint isn't acceptable? "unauthorized_client"? > > Thanks to the AS metadata, I can see supporting this in the CUPS OAuth > client fairly quickly... > > ________________________ > Michael Sweet > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
