On Mon, May 2, 2011 at 11:33 AM, Freeman, Tim wrote:
> The issues around redirect_uri seem muddled to me.
>
Yeah. =/ It's unfortunate. I think the problem is that implementers
disagree on what type of redirect uri validation to do, so the spec has
papered over the inconsistencies with muddled
#x27;s. I haven't read the security considerations document carefully
enough to know whether the failure scenario I described appears in it.
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian
Eaton
Sent: Saturday, April 30, 2011 2:29 PM
To: Doug Tangren
Cc: oauth@ie
On Fri, Apr 29, 2011 at 11:21 AM, Doug Tangren wrote:
> Is this required or not? In the example
> http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-3.1 it's listed
> in the example but not itemized as optional or required. It's not in the
> example for refreshing tokens
> http://tools.iet
Is this required or not? In the example
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-3.1 it's listed in
the example but not itemized as optional or required. It's not in the
example for refreshing tokens
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-6 though that
section li
