Skip to content
This repository has been archived by the owner on Jan 11, 2019. It is now read-only.

Disable "soft" matching of redirect URIs #4

Open
aktiur opened this issue Mar 14, 2017 · 0 comments
Open

Disable "soft" matching of redirect URIs #4

aktiur opened this issue Mar 14, 2017 · 0 comments
Assignees
@aktiur
Labels
bug

Comments

@aktiur
Copy link
Member

aktiur commented Mar 14, 2017

Currently, the client validation verifies that the redirect URI provided as part of step 1 of the OAuth process is, once stripped of its query parameters, equal to one of the registered URIs for this client.

The OAuth2 spec says that matching the redirect URI should be done on the full URI, so that soft matching should be deactivated.
@aktiur aktiur self-assigned this Mar 20, 2017
@aktiur aktiur added the bug label Mar 20, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@aktiur aktiur

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aktiur