Would it be worth adding a short note in Section 6.1 clarifying that redirect URI relationship policies should not prevent loopback redirect handling for public native clients, as described in RFC 8252 Section 7.3?
Native public clients need to use loopback redirect URIs with an ephemeral port. Thanks, Bernard _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
