This additional information makes a lot of sense.

As you said in an earlier mail, the attempt to copy text from the OpenID
Connect spec failed a bit...

On 07/08/2014 02:49 PM, Nat Sakimura wrote:
> I suppose the authors have imported one of the security features of OpenID
> Connect here as well. In the Dynamic Client Registration standard, which
> is a bit longer than the IETF version, you can see the reason:
> 
> application_type
>     OPTIONAL. Kind of the application. The default, if omitted, is web.
>     The defined values are native or web. Web Clients using the OAuth
>     Implicit Grant Type MUST only register URLs using the https scheme
>     as redirect_uris; they MUST NOT use localhost as the hostname.
>     Native Clients MUST only register redirect_uris using custom URI
>     schemes or URLs using the http: scheme with localhost as the
>     hostname. Authorization Servers MAY place additional constraints on
>     Native Clients. Authorization Servers MAY reject Redirection URI
>     values using the http scheme, other than the localhost case for
>     Native Clients. The Authorization Server MUST verify that all the
>     registered redirect_uris conform to these constraints. This prevents
>     sharing a Client ID across different types of Clients.
> 
> Regards, 
> 
> Nat
> 
> 
> 2014-07-08 21:17 GMT+09:00 Hannes Tschofenig <hannes.tschofe...@gmx.net
> <mailto:hannes.tschofe...@gmx.net>>:
> 
>     Hi all,
> 
>     with version -18 you guys have added a new meta-data attribute, namely
>     application_type.
> 
>     First, this new attribute is not listed in the IANA consideration
>     section.
> 
>     Second, could you provide a bit of motivation why you need it? What
>     would the authorization server do with that type of information? The
>     description is rather short.
> 
>     IMHO there is also no clear boundary between a "native" and "web" app.
>     Just think about smart phone apps that are developed using JavaScript.
>     Would this be a web app or a native app?
> 
>     Here is the definition from the draft:
> 
>     application_type
>           OPTIONAL.  Kind of the application.  The default, if omitted, is
>           "web".  The defined values are "native" or "web".
> 
>     Ciao
>     Hannes
> 
> 
>     _______________________________________________
>     OAuth mailing list
>     OAuth@ietf.org <mailto:OAuth@ietf.org>
>     https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> 
> 
> -- 
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
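
Added example, not part of the original mail or of either specification: a Python sketch of the registration-time check that the quoted OpenID Connect text requires of the Authorization Server. The function name check_redirect_uris, the reject_other_http switch, and the use of the grant_types field to recognise implicit-grant clients are assumptions; the example.com values are constructed.

```python
from urllib.parse import urlsplit

def check_redirect_uris(metadata, reject_other_http=False):
    """Return (uri, reason) pairs that break the quoted application_type rules."""
    app_type = metadata.get("application_type", "web")  # default, if omitted, is web
    if app_type not in ("web", "native"):
        return [(None, "application_type must be 'native' or 'web'")]
    # Assumption: implicit-grant clients are recognised by the grant_types field.
    implicit = "implicit" in metadata.get("grant_types", [])
    problems = []
    for uri in metadata.get("redirect_uris", []):
        parts = urlsplit(uri)
        scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
        # Literal reading of the text: only the hostname "localhost" counts.
        local_http = scheme == "http" and host == "localhost"
        if not scheme:
            problems.append((uri, "not an absolute URI"))
        elif app_type == "web" and implicit and scheme != "https":
            problems.append((uri, "web implicit client: https only"))
        elif app_type == "web" and implicit and host == "localhost":
            problems.append((uri, "web implicit client: localhost not allowed"))
        elif app_type == "native" and (scheme == "https" or (scheme == "http" and not local_http)):
            problems.append((uri, "native client: custom scheme or http://localhost only"))
        elif reject_other_http and scheme == "http" and not (app_type == "native" and local_http):
            problems.append((uri, "http rejected by server policy (the MAY clause)"))
    return problems

# Constructed registration requests (example.com values are placeholders).
WEB_IMPLICIT = {"grant_types": ["implicit"],
                "redirect_uris": ["https://app.example.com/cb",
                                  "http://app.example.com/cb",
                                  "https://localhost/cb"]}
NATIVE = {"application_type": "native",
          "redirect_uris": ["com.example.app:/cb", "http://localhost:8080/cb",
                            "https://app.example.com/cb"]}
# One client_id shared by a web front end and a mobile app: fails as either type.
SHARED = {"grant_types": ["implicit"],
          "redirect_uris": ["https://app.example.com/cb", "com.example.app:/cb"]}

if __name__ == "__main__":
    for name, req in [("web", WEB_IMPLICIT), ("native", NATIVE), ("shared", SHARED),
                      ("shared-as-native", {**SHARED, "application_type": "native"})]:
        print(name, check_redirect_uris(req))
```

The SHARED case shows the last sentence of the quoted text in practice: a redirect_uris set that mixes a web URL with a custom scheme is rejected under either application_type.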
