Hello guys,
Moving cookbook demo AeroGear iOS sdk to Keycloak 1.9.x I
noticed that the redirect_uri validation has changes . I
used to have "org.aerogear.Shoot://oauth2Callback" for a
redirect_uri. In iOS land we used custom schema [1], as a
best practice very often the first part of it is defined
using the iOS bundle id (Apple unique id) which most of the
time contains a mix of upper/lower case letters.
When discussing the subject
on irc with @Marek, it seems there might be an issue in
RedirectUtils.lowerCaseHostname in
I converted this url to : "org.aerogear.shoot://oauth2Callback"
and it works better [2] and did change locally the bundle id
of the iOs app. But in KC 1.4.x I was able to use
upper case in redirect_uri and for an iOS point of view, it
was much more convenient. What is the reasoning behind
redirect_uri? Should we use http(s) as the only protocol?
Thanks for your feedback.
++
Corinne