According to documentation in [1] { "redirect_uris": ["server.example.com"], "client_name": "application_1", "ext_param_owner": "application_owner", "grant_types": ["password"] }
Still our intension is to accept DCR request with redirect_uris for password grant type. Only concern is to remove mandatory validation for at least one redirect uri if grant type is password or client credentials. Is there a way to inform client by saying something like provided redirect uri will not be in used ? [1] https://docs.wso2.com/display/IS530/OpenID+Connect+Dynamic+Client+Registration Thanks, Gayan On Thu, Apr 27, 2017 at 11:06 AM, Harsha Thirimanna <hars...@wso2.com> wrote: > > > On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena" <man...@wso2.com> wrote: > > +1 for removing mandatory validation. > > Dynamic OAUTH2 client Registration management protocol [1] will implement > in IS next version? > > Yes > > Once support that, DCR should be able to update the mandatory or optional > of redirect urls depends on the grant type. > > Not under dcr. Update is under DCRM. > > > > [1] https://tools.ietf.org/html/rfc7592 > > > > > On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com > > wrote: > >> Thanks Johann and Pushpalanka. Updated [1] with details. >> >> [1] - https://wso2.org/jira/browse/IDENTITY-5879 >> >> On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana <la...@wso2.com >> > wrote: >> >>> Hi, >>> >>> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby <joh...@wso2.com> >>> wrote: >>> >>>> +1. However we have to make sure that if we update the application with >>>> authorization_code or implicit grant type, then we have to validate that at >>>> least one redirect_uri is also provided. >>>> >>>> Regards, >>>> Johann. >>>> >>>> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe < >>>> nuwan...@wso2.com> wrote: >>>> >>>>> Hi, >>>>> >>>>> As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to >>>>> send at least one redirect uri for any grant type and otherwise will give >>>>> following error response. >>>>> >>>>> { >>>>> "error_description": "RedirectUris property must have at least one >>>>> URI value.", >>>>> "error": "invalid_client_metadata" >>>>> } >>>>> >>>>> >>>>> AFAIU there is no significance of a redirect URI for grant types that >>>>> do not have a redirection in the flow. Shall we allow client registration >>>>> without redirect URI for the other grant types such as password, client >>>>> credentials and SAML2 >>>>> >>>>> [1] states that >>>>> >>>>> The implementation and use of all client metadata >>>>> fields is OPTIONAL, unless stated otherwise. >>>>> >>>>> >>>>> .. >>>>> >>>>> >>>>> redirect_uris >>>>> Array of redirection URI strings for use in redirect-based flows >>>>> such as the authorization code and implicit flows. As required by >>>>> Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of OAuth >>>>> 2.0 [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients using flows >>>>> with >>>>> redirection MUST register their redirection URI values. >>>>> Authorization servers that support dynamic registration for >>>>> redirect-based flows MUST implement support for this metadata >>>>> value. >>>>> >>>>> >>>>> [1] https://tools.ietf.org/html/rfc7591#section-2 >>>>> >>>> +1. >>> We already have a task to track and fix on these compliancy issues as at >>> [1]. Please create or add these details there too, so we can make sure we >>> address this and rectify. >>> >>> [1] - https://wso2.org/jira/browse/IDENTITY-5879 >>> >>>> >>>>> >>>>> -- >>>>> >>>>> Best Regards, >>>>> >>>>> Nuwandi Wickramasinghe >>>>> >>>>> Software Engineer >>>>> >>>>> WSO2 Inc. >>>>> >>>>> Web : http://wso2.com >>>>> >>>>> Mobile : 0719214873 <071%20921%204873> >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> >>>> *Johann Dilantha Nallathamby* >>>> Technical Lead & Product Lead of WSO2 Identity Server >>>> Governance Technologies Team >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - *+94777776950* >>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>> >>> >>> >>> >>> -- >>> Pushpalanka. >>> -- >>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >>> Mobile: +94779716248 >>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >>> ushpalanka/ | Twitter: @pushpalanka >>> >>> >> >> >> -- >> >> Best Regards, >> >> Nuwandi Wickramasinghe >> >> Software Engineer >> >> WSO2 Inc. >> >> Web : http://wso2.com >> >> Mobile : 0719214873 >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Manoj Gunawardena > Tech Lead > WSO2, Inc.: http://wso2.com > lean.enterprise.middleware > Mobile : +94 77 2291643 > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: ga...@wso2.com Mobile: +94 (71) 8020933
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev