`redirect_uris` must be HTTPS and not localhost

ConsumerDataStandardsAustralia / infosec

Work space for the consumer data right information security profile development in Australia

MIT License

16 stars 5 forks source link

`redirect_uris` must be HTTPS and not localhost #54

Closed nghamilton closed 5 years ago

nghamilton commented 5 years ago

Should the specification of redirect_uris in Client Registration Endpoint include a mention of the mandatory requirement that redirect URIs need to be HTTPS and also not localhost URIs?

lukepopp commented 5 years ago

This should be present in the referenced profiles (FAPI or OIDC).

JamesMBligh commented 5 years ago

As this is in the normative profiles that are referenced this issue will be closed

-JB-