You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oltu.apache.org by "Rikard Swahn (JIRA)" <ji...@apache.org> on 2015/09/11 15:05:45 UTC

[jira] [Updated] (OLTU-180) Parameter redirect_uri is required for /token with grant_type=authorization_code

     [ https://issues.apache.org/jira/browse/OLTU-180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rikard Swahn updated OLTU-180:
------------------------------
    Description: 
The parameter redirect_uri is now required in Oltu for requests to /token with grant_type=authorization_code.

It should only be required if it was also included in the previous authorization request, see http://tools.ietf.org/html/rfc6749#page-29

So AuthorizationCodeValidator should not add redirect_uri as a required parameter: "requiredParams.add(OAuth.OAUTH_REDIRECT_URI);"
This parameter could for example be set as required using some setting sent in to the OAuthTokenRequest constructor.



  was:
The parameter redirect_uri is required for requests to /token with grant_type=authorization_code. This requests exchanges an authorization code for an access token and no redirect is done here.

So AuthorizationCodeValidator should not add redirect_uri as a required parameter: "requiredParams.add(OAuth.OAUTH_REDIRECT_URI);"




> Parameter redirect_uri is required for /token with grant_type=authorization_code
> --------------------------------------------------------------------------------
>
>                 Key: OLTU-180
>                 URL: https://issues.apache.org/jira/browse/OLTU-180
>             Project: Apache Oltu
>          Issue Type: Bug
>            Reporter: Rikard Swahn
>
> The parameter redirect_uri is now required in Oltu for requests to /token with grant_type=authorization_code.
> It should only be required if it was also included in the previous authorization request, see http://tools.ietf.org/html/rfc6749#page-29
> So AuthorizationCodeValidator should not add redirect_uri as a required parameter: "requiredParams.add(OAuth.OAUTH_REDIRECT_URI);"
> This parameter could for example be set as required using some setting sent in to the OAuthTokenRequest constructor.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)