[ https://issues.apache.org/jira/browse/OLTU-194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Simone Tripodi reassigned OLTU-194:
-----------------------------------

    Assignee: Antonio Sanso

> Parameter OAUTH_REDIRECT_URI is considered REQUIRED even when it shouldn't
> --------------------------------------------------------------------------
>
>                 Key: OLTU-194
>                 URL: https://issues.apache.org/jira/browse/OLTU-194
>             Project: Apache Oltu
>          Issue Type: Bug
>            Reporter: Michael Javault
>            Assignee: Antonio Sanso
>            Priority: Minor
>              Labels: review
>
> The current implementation of the {{OAuthTokenRequest}} forces all
> authorization code requests to provide a redirect URI, or fails, using
> {{AuthorizationCodeValidator}}:
> {{AuthorizationCodeValidator.java:38}}
> {code}
> requiredParams.add(OAuth.OAUTH_REDIRECT_URI);
> {code}
> But per the [RFC 6749|http://tools.ietf.org/html/rfc6749#section-4.1.3], the
> redirect URI field is not always required:
> {noformat}
>    redirect_uri
>          REQUIRED, if the "redirect_uri" parameter was included in the
>          authorization request as described in Section 4.1.1, and their
>          values MUST be identical.
> {noformat}
> I am working with clients that force registration per [section
> 3.1.2.2|http://tools.ietf.org/html/rfc6749#section-3.1.2.2], and do not
> provide a redirect URI.
> As a workaround, I am using the {{OAuthUnauthenticatedTokenRequest}} class
> instead of the {{OAuthTokenRequest}} but I have to re-implement the
> {{validateClientAuthenticationCredentials()}} function.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
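
The conditional rule quoted from RFC 6749 section 4.1.3 in the issue above, sketched as an added example that is not part of the original message and is not Apache Oltu code. The class `RedirectUriCheck`, the type `IssuedCode` and the sample URI are hypothetical, and refusing a `redirect_uri` that has nothing to be compared against is a policy assumption of this example.

```java
import java.util.Collections;
import java.util.Map;

public class RedirectUriCheck {
    /** State the server kept when it issued the authorization code (hypothetical type). */
    static final class IssuedCode {
        final String redirectUri; // null if the authorization request carried no redirect_uri
        IssuedCode(String redirectUri) { this.redirectUri = redirectUri; }
    }

    /** Returns null if the token request passes, else an RFC 6749 section 5.2 error code. */
    static String validate(IssuedCode issued, Map<String, String> tokenParams) {
        String sent = tokenParams.get("redirect_uri");
        if (issued.redirectUri == null) {
            // Not REQUIRED: the client relied on its registered URI (section 3.1.2.2).
            // Assumption of this example: a value with no stored counterpart is refused.
            return sent == null ? null : "invalid_grant";
        }
        if (sent == null) {
            // REQUIRED, because the authorization request included one.
            return "invalid_request";
        }
        // "their values MUST be identical": exact string comparison, no normalization.
        return issued.redirectUri.equals(sent) ? null : "invalid_grant";
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String cb = "https://client.example/cb";
        Map<String, String> none = Collections.emptyMap();
        Map<String, String> same = Collections.singletonMap("redirect_uri", cb);
        Map<String, String> other = Collections.singletonMap("redirect_uri", cb + "/x");

        System.out.println("registered only, omitted:  " + validate(new IssuedCode(null), none));
        System.out.println("sent at authz, omitted:    " + validate(new IssuedCode(cb), none));
        System.out.println("sent at authz, identical:  " + validate(new IssuedCode(cb), same));
        System.out.println("sent at authz, different:  " + validate(new IssuedCode(cb), other));
    }
}
```

Keeping the identical-value check for codes that were issued with a `redirect_uri` preserves the binding between the code and the redirection endpoint while lifting the unconditional requirement the issue describes.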