On 23 November 2015 at 20:00, Håvard Wigtil <haavard.wigtil@kantega.no> wrote:

I'm trying to get a relative (i.e. path only with no host) redirect URI
for a Keycloak client to work. My client works with full host and path,
but if I remove the host part I get an illegal parameter error.

What do you mean you get an illegal parameter error?

The inline help bubble has the following sentence: "Relative path can be
specified too, i.e. /my/relative/path/*."
So as far as I can tell, it should work according to the help message.
As I was trying to find out more about this I came across Jira issue
KEYCLOAK-8[1], where a comment pointed to section 3.2.1[2] of the OAuth
2.0 spec. If I'm reading the spec correctly the redirect *must* be
absolute to be conformant with the spec.

Relative URLs are supported, but they are resolved to absolute URLs by adding the Root URL of the client. If you don't specify the root URL the root URL of Keycloak is used

Is the inline help wrong, or is it something here that I don't get?

Håvard

[1] https://issues.jboss.org/browse/KEYCLOAK-8
[2] https://tools.ietf.org/html/rfc6749#section-3.1.2

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user