[ https://issues.apache.org/jira/browse/OLTU-180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rikard Swahn updated OLTU-180:
------------------------------
Description:
The parameter redirect_uri is now required in Oltu for requests to /token with grant_type=authorization_code.
It should only be required if it was also included in the previous authorization request, see http://tools.ietf.org/html/rfc6749#page-29
So AuthorizationCodeValidator should not add redirect_uri as a required parameter: "requiredParams.add(OAuth.OAUTH_REDIRECT_URI);"
This parameter could for example be set as required using some setting sent in to the OAuthTokenRequest constructor.

was:
The parameter redirect_uri is required for requests to /token with grant_type=authorization_code. This request exchanges an authorization code for an access token and no redirect is done here.
So AuthorizationCodeValidator should not add redirect_uri as a required parameter: "requiredParams.add(OAuth.OAUTH_REDIRECT_URI);"

> Parameter redirect_uri is required for /token with
> grant_type=authorization_code
> --------------------------------------------------------------------------------
>
> Key: OLTU-180
> URL: https://issues.apache.org/jira/browse/OLTU-180
> Project: Apache Oltu
> Issue Type: Bug
> Reporter: Rikard Swahn
>
> The parameter redirect_uri is now required in Oltu for requests to /token
> with grant_type=authorization_code.
> It should only be required if it was also included in the previous
> authorization request, see http://tools.ietf.org/html/rfc6749#page-29
> So AuthorizationCodeValidator should not add redirect_uri as a required
> parameter: "requiredParams.add(OAuth.OAUTH_REDIRECT_URI);"
> This parameter could for example be set as required using some setting sent
> in to the OAuthTokenRequest constructor.
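
The rule the report cites from RFC 6749 (section 4.1.3), written out as an added example; this is not Oltu code and not from the reporter. `IssuedCode`, `Result` and `check` are hypothetical names, the sample values are constructed, and rejecting a redirect_uri that arrives when none was bound to the code is a policy choice of this example.

```java
import java.util.Map;
import java.util.Optional;

public class RedirectUriCheck {
    /** What the server stored when it issued the authorization code (hypothetical type). */
    record IssuedCode(String clientId, Optional<String> redirectUri) {}

    enum Result { OK, MISSING_REDIRECT_URI, REDIRECT_URI_MISMATCH }

    /** redirect_uri is required at /token only if the authorization request carried it; then it must be identical. */
    static Result check(IssuedCode issued, Map<String, String> tokenParams) {
        String sent = tokenParams.get("redirect_uri");
        if (issued.redirectUri().isEmpty()) {
            // Nothing was bound at authorization time, so the parameter is not required here.
            // Policy choice of this example: a value supplied anyway matches nothing and is rejected.
            return sent == null ? Result.OK : Result.REDIRECT_URI_MISMATCH;
        }
        if (sent == null || sent.isEmpty()) {
            return Result.MISSING_REDIRECT_URI;
        }
        // Exact string comparison: no prefix matching and no normalisation.
        return issued.redirectUri().get().equals(sent) ? Result.OK : Result.REDIRECT_URI_MISMATCH;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the issue.
        IssuedCode bound = new IssuedCode("client-1", Optional.of("https://client.example/cb"));
        IssuedCode unbound = new IssuedCode("client-1", Optional.empty());
        Map<String, String> without = Map.of("grant_type", "authorization_code", "code", "abc");
        Map<String, String> matching = Map.of("grant_type", "authorization_code", "code", "abc",
                "redirect_uri", "https://client.example/cb");
        Map<String, String> longer = Map.of("grant_type", "authorization_code", "code", "abc",
                "redirect_uri", "https://client.example/cb/extra");

        System.out.println("unbound code, no redirect_uri:    " + check(unbound, without));
        System.out.println("bound code, no redirect_uri:      " + check(bound, without));
        System.out.println("bound code, identical value:      " + check(bound, matching));
        System.out.println("bound code, longer path supplied: " + check(bound, longer));
    }
}
```

The first case is the one the report is about: a validator that always lists redirect_uri as required rejects it, although the authorization request never carried the parameter.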