One more thing...
We never redirect unless the redirect URI and client id are validated.
On 4/15/2015 4:57 PM, Pedro Igor Silva wrote:
Hi,
Is KC considering this vulnerability [1] when performing redirects? Especially for
OAuth Clients doing authorization code grant.
Regards.
[1]
http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-o...
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
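
An added illustration of the rule stated in the reply above (redirect only after both the client id and the redirect URI are validated). It is not Keycloak code and not part of the original thread. The registry contents, the function name `authorization_error` and its return shape are assumptions made for the example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registry: client id -> set of exactly registered redirect URIs.
REGISTERED_CLIENTS = {
    "photo-app": {"https://photo.example/callback"},
}


def authorization_error(client_id, redirect_uri, error, state=None,
                        clients=REGISTERED_CLIENTS):
    """Decide how an authorization endpoint reports an error.

    Returns ("redirect", url) only when client_id is known and redirect_uri
    matches a registered value exactly; otherwise returns ("page", reason),
    meaning the error is shown to the user and no redirect is issued.
    """
    registered = clients.get(client_id)
    if registered is None:
        return ("page", "unknown client_id")

    if redirect_uri is None:
        # Fall back to the registered URI only if it is unambiguous.
        if len(registered) != 1:
            return ("page", "redirect_uri required")
        redirect_uri = next(iter(registered))
    elif redirect_uri not in registered:
        # Exact string comparison: no prefix, substring or host-only match.
        return ("page", "redirect_uri not registered for this client")

    # Both values are validated, so the error may travel back to the client.
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("error", error))
    if state is not None:
        query.append(("state", state))
    url = urlunsplit(parts._replace(query=urlencode(query), fragment=""))
    return ("redirect", url)


if __name__ == "__main__":
    print(authorization_error("photo-app", "https://photo.example/callback",
                              "invalid_scope", "xyz"))
    print(authorization_error("photo-app", "https://other.example/cb",
                              "invalid_scope"))
```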