Dear Aaron, 1. Yesterday you brought up an important issue of choosing "redirect_uri" to be REQUIRED vs OPTIONAL parameter at the authorization code endpoint. The esteemed members had their considered opinion that the definition should remain as it is.
2. However, I am of the opinion that an important parameter like "redirect_uri" needs to be more clearly defined. It can either be OPTIONAL or REQUIRED, but definitely cannot be both (as in the present definition). Maybe Aaron can bring up the topic again for discussion in the side meeting for further deliberations. Regards Jaimandeep Singh
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth