5:32 p.m.
If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
always acceptable?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
5:51 p.m.
Not sure what you mean, but if you're asking if a login request can have
'..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without
'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the
application/client, then no.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 20 May, 2014 4:32:06 PM
Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
always acceptable?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
5:54 p.m.
From what i’ve seen with oob uri seems to be mainly used by Google.
Facebook will use a redirect_uri which looks like fb<appId>://authorize/
Not sure there is a standard way of expressing out of bound uri.
++
Corinne
On 20 May 2014, at 17:51, Stian Thorgersen <stian(a)redhat.com> wrote:
Not sure what you mean, but if you're asking if a login request
can have '..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without
'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the
application/client, then no.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 20 May, 2014 4:32:06 PM
> Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
>
> If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
> always acceptable?
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
6:15 p.m.
It's not in the RFC, but there's a few other oauth2 implementations that uses it,
and it doesn't have any reference to Google directly, so seems good to me.
----- Original Message -----
From: "Corinne Krych" <corinnekrych(a)gmail.com>
To: "Stian Thorgersen" <stian(a)redhat.com>, keycloak-dev(a)lists.jboss.org
Cc: "Bill Burke" <bburke(a)redhat.com>
Sent: Tuesday, 20 May, 2014 4:54:12 PM
Subject: Re: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
From what i’ve seen with oob uri seems to be mainly used by Google.
Facebook will use a redirect_uri which looks like fb<appId>://authorize/
Not sure there is a standard way of expressing out of bound uri.
++
Corinne
On 20 May 2014, at 17:51, Stian Thorgersen <stian(a)redhat.com> wrote:
> Not sure what you mean, but if you're asking if a login request can have
> '..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without
> 'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the
> application/client, then no.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Tuesday, 20 May, 2014 4:32:06 PM
>> Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
>>
>> If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
>> always acceptable?
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
7:18 p.m.
Ok, then I need to fix this.
On 5/20/2014 11:51 AM, Stian Thorgersen wrote:
Not sure what you mean, but if you're asking if a login request
can have '..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without
'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the
application/client, then no.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 20 May, 2014 4:32:06 PM
> Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
>
> If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
> always acceptable?
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3880
days inactive
3880
days old
4 comments
3 participants
participants (3)
-
Bill Burke -
Corinne Krych -
Stian Thorgersen