According to documentation in [1]
{
"redirect_uris": ["server.example.com"],
"client_name": "application_1",
"ext_param_owner": "application_owner",
"grant_types": ["password"]
}
Still our intension is to accept DCR request with redirect_uris for
password grant type. Only concern is to remove mandatory validation for at
least one redirect uri if grant type is password or client credentials.
Is there a way to inform client by saying something like provided redirect
uri will not be in used ?
[1]
https://docs.wso2.com/display/IS530/OpenID+Connect+Dynamic+Client+Registration
Thanks,
Gayan
On Thu, Apr 27, 2017 at 11:06 AM, Harsha Thirimanna <hars...@wso2.com>
wrote:
>
>
> On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena" <man...@wso2.com> wrote:
>
> +1 for removing mandatory validation.
>
> Dynamic OAUTH2 client Registration management protocol [1] will implement
> in IS next version?
>
> Yes
>
> Once support that, DCR should be able to update the mandatory or optional
> of redirect urls depends on the grant type.
>
> Not under dcr. Update is under DCRM.
>
>
>
> [1] https://tools.ietf.org/html/rfc7592
>
>
>
>
> On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com
> > wrote:
>
>> Thanks Johann and Pushpalanka. Updated [1] with details.
>>
>> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>>
>> On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana <la...@wso2.com
>> > wrote:
>>
>>> Hi,
>>>
>>> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby <joh...@wso2.com>
>>> wrote:
>>>
>>>> +1. However we have to make sure that if we update the application with
>>>> authorization_code or implicit grant type, then we have to validate that at
>>>> least one redirect_uri is also provided.
>>>>
>>>> Regards,
>>>> Johann.
>>>>
>>>> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe <
>>>> nuwan...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to
>>>>> send at least one redirect uri for any grant type and otherwise will give
>>>>> following error response.
>>>>>
>>>>> {
>>>>> "error_description": "RedirectUris property must have at least one
>>>>> URI value.",
>>>>> "error": "invalid_client_metadata"
>>>>> }
>>>>>
>>>>>
>>>>> AFAIU there is no significance of a redirect URI for grant types that
>>>>> do not have a redirection in the flow. Shall we allow client registration
>>>>> without redirect URI for the other grant types such as password, client
>>>>> credentials and SAML2
>>>>>
>>>>> [1] states that
>>>>>
>>>>> The implementation and use of all client metadata
>>>>> fields is OPTIONAL, unless stated otherwise.
>>>>>
>>>>>
>>>>> ..
>>>>>
>>>>>
>>>>> redirect_uris
>>>>> Array of redirection URI strings for use in redirect-based flows
>>>>> such as the authorization code and implicit flows. As required by
>>>>> Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of OAuth
>>>>> 2.0 [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients using flows
>>>>> with
>>>>> redirection MUST register their redirection URI values.
>>>>> Authorization servers that support dynamic registration for
>>>>> redirect-based flows MUST implement support for this metadata
>>>>> value.
>>>>>
>>>>>
>>>>> [1] https://tools.ietf.org/html/rfc7591#section-2
>>>>>
>>>> +1.
>>> We already have a task to track and fix on these compliancy issues as at
>>> [1]. Please create or add these details there too, so we can make sure we
>>> address this and rectify.
>>>
>>> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>>>
>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> Nuwandi Wickramasinghe
>>>>>
>>>>> Software Engineer
>>>>>
>>>>> WSO2 Inc.
>>>>>
>>>>> Web : http://wso2.com
>>>>>
>>>>> Mobile : 0719214873 <071%20921%204873>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Johann Dilantha Nallathamby*
>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>> Governance Technologies Team
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile - *+94777776950*
>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>
>>>
>>>
>>>
>>> --
>>> Pushpalanka.
>>> --
>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>> Mobile: +94779716248
>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p
>>> ushpalanka/ | Twitter: @pushpalanka
>>>
>>>
>>
>>
>> --
>>
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>>
>> Software Engineer
>>
>> WSO2 Inc.
>>
>> Web : http://wso2.com
>>
>> Mobile : 0719214873
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Manoj Gunawardena
> Tech Lead
> WSO2, Inc.: http://wso2.com
> lean.enterprise.middleware
> Mobile : +94 77 2291643
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
