oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rikard Swahn (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OLTU-180) Parameter redirect_uri is required for /token with grant_type=authorization_code
Date Fri, 11 Sep 2015 13:25:46 GMT

     [ https://issues.apache.org/jira/browse/OLTU-180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rikard Swahn updated OLTU-180:
------------------------------
    Description: 
The parameter redirect_uri is required in Oltu for requests to /token with grant_type=authorization_code.

It should only be required if it was also included in the previous authorization request,
see http://tools.ietf.org/html/rfc6749#page-29

So AuthorizationCodeValidator should not add redirect_uri as a required parameter uncondtionally.
This parameter could for example be set as required using some setting sent in to the OAuthTokenRequest
constructor.



  was:
The parameter redirect_uri is now required in Oltu for requests to /token with grant_type=authorization_code.

It should only be required if it was also included in the previous authorization request,
see http://tools.ietf.org/html/rfc6749#page-29

So AuthorizationCodeValidator should not add redirect_uri as a required parameter uncondtionally.
This parameter could for example be set as required using some setting sent in to the OAuthTokenRequest
constructor.




> Parameter redirect_uri is required for /token with grant_type=authorization_code
> --------------------------------------------------------------------------------
>
>                 Key: OLTU-180
>                 URL: https://issues.apache.org/jira/browse/OLTU-180
>             Project: Apache Oltu
>          Issue Type: Bug
>            Reporter: Rikard Swahn
>
> The parameter redirect_uri is required in Oltu for requests to /token with grant_type=authorization_code.
> It should only be required if it was also included in the previous authorization request,
see http://tools.ietf.org/html/rfc6749#page-29
> So AuthorizationCodeValidator should not add redirect_uri as a required parameter uncondtionally.
This parameter could for example be set as required using some setting sent in to the OAuthTokenRequest
constructor.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message