[keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
Corinne Krych
corinnekrych at gmail.com
Tue May 20 11:54:12 EDT 2014
>From what i’ve seen with oob uri seems to be mainly used by Google.
Facebook will use a redirect_uri which looks like fb<appId>://authorize/
Not sure there is a standard way of expressing out of bound uri.
++
Corinne
On 20 May 2014, at 17:51, Stian Thorgersen <stian at redhat.com> wrote:
> Not sure what you mean, but if you're asking if a login request can have '..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without 'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the application/client, then no.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 20 May, 2014 4:32:06 PM
>> Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
>>
>> If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
>> always acceptable?
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list