A relative URI *will not* be accepted if it is passed as a query
parameter when a client is requesting a code. An absolute URI *MUST BE*
sent via the redirect_uri query parameter. For admin console config, if
you put in a relative path in your valid redirect URIs, it uses the
host/port of the auth server. A bunch of the demos work that way. So,
if you host the auth server on mydomain.com,
https://localhost/my/relative/path will match and
https://mydomain.com/my/relative/path will work too. Make sense?

On 11/23/2015 2:00 PM, Håvard Wigtil wrote:
I'm trying to get a relative (i.e. path only with no host) redirect URI
for a Keycloak client to work. My client works with full host and path,
but if I remove the host part I get an illegal parameter error.
The inline help bubble has the following sentence: "Relative path can be
specified too, i.e. /my/relative/path/*."
So as far as I can tell, it should work according to the help message.
As I was trying to find out more about this I came across Jira issue
KEYCLOAK-8[1], where a comment pointed to section 3.2.1[2] of the OAuth
2.0 spec. If I'm reading the spec correctly the redirect *must* be
absolute to be conformant with the spec.
Is the inline help wrong, or is it something here that I don't get?
Håvard
[1] https://issues.jboss.org/browse/KEYCLOAK-8
[2] https://tools.ietf.org/html/rfc6749#section-3.1.2
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
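
The rule described in the reply above, as an added example that is not part of the original thread and is not Keycloak's own code: a path-only registered entry is anchored to the auth server's host/port, while the redirect_uri request parameter must be absolute. The function names, the sample hosts and the second registered entry are assumptions, and only the auth-server-origin resolution and a trailing `*` wildcard are modelled.

```python
from urllib.parse import urlsplit

# Constructed sample configuration (assumed values for illustration).
AUTH_SERVER_BASE = "https://mydomain.com"
REGISTERED = ["/my/relative/path/*", "https://app.example.org/callback"]


def resolve_registered(entry, auth_base=AUTH_SERVER_BASE):
    """Anchor a path-only registered entry to the auth server's scheme/host/port."""
    if entry.startswith("/"):
        return auth_base.rstrip("/") + entry
    return entry


def redirect_allowed(redirect_uri, registered=REGISTERED, auth_base=AUTH_SERVER_BASE):
    """Check a redirect_uri request parameter against the registered entries."""
    req = urlsplit(redirect_uri)
    # The request parameter must be absolute: scheme and host both present.
    if not req.scheme or not req.netloc:
        return False
    # Refuse fragments and dot segments instead of trying to normalize them.
    if req.fragment or ".." in req.path.split("/"):
        return False
    for entry in registered:
        pat = urlsplit(resolve_registered(entry, auth_base))
        # Compare parsed scheme and authority, never a raw string prefix.
        if (req.scheme.lower(), req.netloc.lower()) != (pat.scheme.lower(), pat.netloc.lower()):
            continue
        if pat.path.endswith("*"):
            if req.path.startswith(pat.path[:-1]):
                return True
        elif (req.path, req.query) == (pat.path, pat.query):
            return True
    return False


if __name__ == "__main__":
    # Constructed request values covering the relative, matching and rejected cases.
    for uri in ["/my/relative/path/cb",
                "https://mydomain.com/my/relative/path/cb",
                "https://mydomain.com.example.test/my/relative/path/cb",
                "https://mydomain.com/my/relative/path/../../admin",
                "https://app.example.org/callback"]:
        print(f"{uri!r:60} -> {redirect_allowed(uri)}")
```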