Re: [OAUTH-WG] [EXTERNAL] Re: OAuth Redirection Attacks

2021-12-21 Thread Will Bartlett
I tend to agree that the requirement to send errors back to the original domain is "over-zealous". It's also looping-prone at scale - I've seen many a buggy https://contoso.example that issues a request to

[OAUTH-WG] draft-ietf-oauth-rar-08 review

2021-12-21 Thread Hannes Tschofenig
Hi all, thanks for writing this document. I have read through it as part of my shepherd writeup and here are a few comments and questions. Generic Comments: As a style issue, it would be good to treat code segments as figures with figure headings so that references in the text are easier to