+1 for removing mandatory validation. Will the Dynamic OAuth2 Client Registration Management Protocol [1] be implemented in the next IS version? Once that is supported, DCR should be able to update whether redirect URLs are mandatory or optional depending on the grant type.
[1] https://tools.ietf.org/html/rfc7592

On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe <[email protected]> wrote:

> Thanks Johann and Pushpalanka. Updated [1] with details.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>
> On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana <[email protected]>
> wrote:
>
>> Hi,
>>
>> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby <[email protected]>
>> wrote:
>>
>>> +1. However we have to make sure that if we update the application with
>>> authorization_code or implicit grant type, then we have to validate that at
>>> least one redirect_uri is also provided.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send
>>>> at least one redirect uri for any grant type and otherwise will give
>>>> following error response.
>>>>
>>>> {
>>>>   "error_description": "RedirectUris property must have at least one URI value.",
>>>>   "error": "invalid_client_metadata"
>>>> }
>>>>
>>>> AFAIU there is no significance of a redirect URI for grant types that
>>>> do not have a redirection in the flow. Shall we allow client registration
>>>> without redirect URI for the other grant types such as password, client
>>>> credentials and SAML2
>>>>
>>>> [1] states that
>>>>
>>>>    The implementation and use of all client metadata
>>>>    fields is OPTIONAL, unless stated otherwise.
>>>>
>>>> ..
>>>>
>>>>    redirect_uris
>>>>       Array of redirection URI strings for use in redirect-based flows
>>>>       such as the authorization code and implicit flows. As required by
>>>>       Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of OAuth
>>>>       2.0 [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients using
>>>>       flows with redirection MUST register their redirection URI values.
>>>>       Authorization servers that support dynamic registration for
>>>>       redirect-based flows MUST implement support for this metadata
>>>>       value.
>>>>
>>>> [1] https://tools.ietf.org/html/rfc7591#section-2
>>>>
>>> +1.
>> We already have a task to track and fix on these compliancy issues as at
>> [1]. Please create or add these details there too, so we can make sure we
>> address this and rectify.
>>
>> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>>
>>>> --
>>>>
>>>> Best Regards,
>>>>
>>>> Nuwandi Wickramasinghe
>>>>
>>>> Software Engineer
>>>>
>>>> WSO2 Inc.
>>>>
>>>> Web : http://wso2.com
>>>>
>>>> Mobile : 0719214873
>>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> Johann Dilantha Nallathamby
>>> Technical Lead & Product Lead of WSO2 Identity Server
>>> Governance Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - +94777776950
>>> Blog - http://nallaa.wordpress.com
>>>
>>
>> --
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/
>> | Twitter: @pushpalanka
>>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Manoj Gunawardena
Tech Lead
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware
Mobile : +94 77 2291643
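The rule this thread converges on (redirect_uris required only for redirect-based grant types, and re-checked on update), sketched as an added example that is not part of the original thread and is not WSO2 Identity Server code. The function and constant names are hypothetical, and the sample requests in the test are constructed.

```python
from urllib.parse import urlsplit

# Grant types whose flow redirects the user agent back to the client
# (RFC 7591 section 2: authorization code and implicit).
REDIRECT_GRANTS = {"authorization_code", "implicit"}


def _error(code, description):
    # Error body shape used by RFC 7591 registration error responses.
    return {"error": code, "error_description": description}


def validate_client_metadata(metadata):
    """Return None if the metadata is acceptable, else an error body.

    The same check serves an initial registration and an RFC 7592 update,
    because an update replaces the client's stored metadata as a whole.
    """
    # RFC 7591: an omitted grant_types means the client uses only
    # authorization_code, so a missing or empty value gets the redirect rule.
    grant_types = metadata.get("grant_types") or ["authorization_code"]
    redirect_uris = metadata.get("redirect_uris") or []
    if not isinstance(grant_types, list) or not isinstance(redirect_uris, list):
        return _error("invalid_client_metadata",
                      "grant_types and redirect_uris must be arrays.")

    # Any URI that is supplied must be absolute and carry no fragment
    # (RFC 6749 section 3.1.2), whatever the grant type.
    for uri in redirect_uris:
        try:
            ok = isinstance(uri, str) and bool(urlsplit(uri).scheme) and "#" not in uri
        except ValueError:  # e.g. malformed IPv6 literal
            ok = False
        if not ok:
            return _error("invalid_redirect_uri",
                          "Redirect URIs must be absolute and have no fragment.")

    # The conditional requirement discussed in the thread.
    needs_redirect = sorted(REDIRECT_GRANTS & set(grant_types))
    if needs_redirect and not redirect_uris:
        return _error("invalid_client_metadata",
                      "redirect_uris is required for grant types: "
                      + ", ".join(needs_redirect))
    return None
```

Running the same function on the full metadata of an update request covers the case raised in the thread where a client registered without redirect URIs later adds authorization_code or implicit.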
