CXF-4883: OAuth2 RedirectionBasedService needs to do only a strict comparison of redirect URI

Description

At the moment, RedirectionBasedService (authorization code and implicit flows) falls back to the client application URI when none of the registered redirect URIs matches the redirect URI supplied in the current request.
For example, if the client application URI is "https://photos.com" and the current redirectUri is "https://photos.com/1?a=2", the check passes because "https://photos.com/1?a=2" starts with "https://photos.com".
OAuth2 experts have recently strongly recommended using strict comparison only, which is what this service will do from now on.
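As an added illustration (not CXF's own code), the permissive prefix fallback described above is shown beside the strict comparison the issue asks for; the registered redirect URI list and the sample requests are constructed values, and the method names are hypothetical.

```java
import java.util.List;

// Added example, not CXF's RedirectionBasedService: contrasts the prefix
// fallback the issue describes with the strict comparison it calls for.
public class RedirectUriCheck {

    // Constructed sample registration: one exact redirect URI plus the
    // client application URI used by the old fallback.
    static final List<String> REGISTERED_REDIRECT_URIS = List.of("https://photos.com/callback");
    static final String APPLICATION_URI = "https://photos.com";

    // Behaviour before the fix (hypothetical name): exact match against the
    // registered URIs, otherwise accept anything that starts with the
    // application URI, so "https://photos.com/1?a=2" is accepted.
    static boolean prefixMatch(String requested) {
        if (REGISTERED_REDIRECT_URIS.contains(requested)) {
            return true;
        }
        return requested.startsWith(APPLICATION_URI);
    }

    // Behaviour after the fix (hypothetical name): the requested URI must be
    // exactly equal to one of the registered redirect URIs, nothing else.
    static boolean strictMatch(String requested) {
        return REGISTERED_REDIRECT_URIS.contains(requested);
    }

    public static void main(String[] args) {
        // Constructed requests: the registered URI, and the issue's own example
        // of a URI that only shares the application URI as a prefix.
        String[] samples = {
            "https://photos.com/callback",
            "https://photos.com/1?a=2",
        };
        for (String s : samples) {
            System.out.printf("%-30s prefix=%-5b strict=%b%n", s, prefixMatch(s), strictMatch(s));
        }
    }
}
```

Only the registered URI passes strictMatch; prefixMatch also accepts the second request, which is the behaviour the fix removes.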

People

Assignee: Sergey Beryozkin (sergey_beryozkin)
Reporter: Sergey Beryozkin (sergey_beryozkin)
