[OLTU-109] OAuthTokenRequest unnecessarily requires the "redirect_uri" parameter - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: oauth2-0.22
Fix Version/s: oauth2-0.31
Component/s: oauth2-authzserver
Labels:
None
Environment:
Authorization Server

Description

The OAuthTokenRequest(HttpServletRequest) constructor will inappropriately fail if the "redirect_uri" parameter is missing. This is only required if the "redirect_uri" was given in the previous, "code" request. From the specification (section 4.1.3):

redirect_uri
REQUIRED, if the "redirect_uri" parameter was included in the
authorization request as described in Section 4.1.1, and their
values MUST be identical.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: John Jenkins

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/May/13 16:18

Updated:: 23/Feb/16 08:18

Resolved:: 23/Feb/16 08:18