Didn't think of redirect patterns. The Resteasy OAuth2 stuff sends the
redirect URL in the redirect back to the server, well, because there's
no way to store that information. I'm glad you brought this up because
I forgot. I made a jira for this. Please log a jira if you have more
things.
https://issues.jboss.org/browse/KEYCLOAK
On 7/19/2013 9:59 AM, Stian Thorgersen wrote:
In IdentityBroker you can specify a single redirect url and a single
authorized javascript origin. The plan was to eventually allow multiple of both, including
the use of patterns. So for example for a single application the following values would be
valid for redirect uri:
http://hostname/site/welcome.html
http://hostname/site/*.html
http://hostname/site/*
A redirect_uri query parameter is used to specify the actual value, and it is required
to match one of the values specified for the application. It should also be possible to
select a default redirect uri that is used if no redirect_uri parameter is included.
The authorized javascript origin is used to specify what domains are allowed to do CORS
requests. This is required by the JavaScript SDK so that it can invoke REST endpoints when
deployed to a different domain than the IdentityBroker server.
This is pretty much the same as Google does with the addition of being able to specify
patterns in the redirect_uris. The main purpose of adding this is so that users can be
redirected back to the page a user was on prior to clicking on login.
Does this match the plan for Keycloak?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
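
The redirect_uri check discussed in this thread, sketched as an added example; it is not code from Keycloak, IdentityBroker or either poster. The function names, the choice of default, and the rule that `*` matches only inside a single path segment are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed registration for one application, using the patterns from the thread.
REGISTERED = [
    "http://hostname/site/welcome.html",
    "http://hostname/site/*.html",
    "http://hostname/site/*",
]
DEFAULT_REDIRECT = "http://hostname/site/welcome.html"  # assumed default


def _origin(parts):
    # Scheme, host and port are compared exactly; "*" never applies here.
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)


def _path_regex(pattern_path):
    # Assumption: "*" matches inside one path segment only, never across "/".
    return re.compile("[^/]*".join(re.escape(p) for p in pattern_path.split("*")))


def matches(pattern, candidate):
    try:
        pat, cand = urlsplit(pattern), urlsplit(candidate)
        same_origin = _origin(pat) == _origin(cand)
    except ValueError:  # malformed port or host
        return False
    if not same_origin or cand.username is not None or cand.fragment:
        return False
    # Reject dot segments, backslashes and encoded separators outright rather
    # than normalising, so "/site/../admin" cannot satisfy "/site/*".
    path = cand.path.lower()
    if any(seg in (".", "..") for seg in path.split("/")):
        return False
    if "\\" in path or any(enc in path for enc in ("%2e", "%2f", "%5c")):
        return False
    # The query string is not compared (assumption: the application owns it).
    return _path_regex(pat.path).fullmatch(cand.path) is not None


def resolve_redirect(redirect_uri, registered=REGISTERED, default=DEFAULT_REDIRECT):
    """Return the URI to redirect to, or None when the request must be refused."""
    if redirect_uri is None:
        return default  # no redirect_uri parameter: fall back to the default
    if any(matches(p, redirect_uri) for p in registered):
        return redirect_uri
    return None
```

Matching on the parsed path, with the origin compared separately, keeps a wildcard from ever covering the host part of the URL.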