If like many people, URN's give you an allergic reaction, you can also consider:
http://oauth.net/2.0/redirection/oob Or something like that. The advantage of the URN is that if the server doesn't support this, it doesn't end up sending the user to oauth.net... ;-) EHL > -----Original Message----- > From: Marius Scurtescu [mailto:mscurte...@google.com] > Sent: Friday, January 28, 2011 11:25 AM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Native Client Extension > > On Fri, Jan 28, 2011 at 10:25 AM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > -12 3.1.1: > > > > The redirection URI MUST be an absolute URI and MAY include a query > > component, which MUST be retained by the authorization server when > > adding additional query parameters. > > > > 'oob' is not an absolute URI. > > Good point, I missed the absolute part. Thanks for pointing this out. > > Let me think about it, the URN you suggested is a good start. > > Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
