I likewise believe there is a lot of value in this work and support the
document moving forward.
I reviewed -03 and have just a couple nits:
Loopback URI Redirection in section 3
<https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03#section-7.3>
(which the author is already aware of because he mentioned it to me)
doesn't fully account for how a path component of the URI would be used to
allow a client to use and rely on distinct per-AS redirect URIs.
Appendix A.1. iOS Implementation Details
<https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03#appendix-A.1>
has "Clients SHOULD use Universal Links for authorization requests ... "
but, in the context of what's being discussed there, shouldn't it say to
use Universal Links for *redirect URIs*? Or am I confused here?
On Sun, Jul 24, 2016 at 11:30 AM, Torsten Lodderstedt <
Hi,
generally, I considers this a highly valuable contribution and support to
move it forward.
section 7.3, last paragraph: "... as it is less susceptible
to misconfigured routing and client side firewalls Note ..." - I think
a period is missing between "firewalls" and "Note" potentially a line break
would be appropriate.
section 8.2 - The term PKCE is used in the second paragraph but not
defined before the fourth paragraph. I suggest to define PKCE on first use.
best regards,
Torsten.
Hi all,
William has submitted an update, as promised during the OAuth WG session
on Monday. Hence, we will start a Last Call for comments on the "OAuth
2.0 for Native Apps" specification.
The document can be found here:https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03
Please have your comments in no later than August 8th.
Ciao
Hannes & Derek
_______________________________________________
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth