[keycloak-dev] Redirect URI and JavaScript origins

Stian Thorgersen stian at redhat.com
Fri Jul 19 09:59:39 EDT 2013


In IdentityBroker you can specify a single redirect url and a single authorized javascript origin. The plan was to eventually allow multiple of both, including the use of patterns. So for example for a single application the following values would be valid for redirect uri:

http://hostname/site/welcome.html
http://hostname/site/*.html
http://hostname/site/*

A redirect_uri query parameter is used to specify the actual value, and it is required to match one of the values specified for the application. It should also be possible to select a default redirect uri that is used if no redirect_uri parameter is included.

The authorized javascript origin is used to specify what domains are allowed to do CORS requests. This is required by the JavaScript SDK so that it can invoke REST endpoints when deployed to a different domain than the IdentityBroker server.

This is pretty much the same as Google does with the addition of being able to specify patterns in the redirect_uris. The main purpose of adding this is so that users can be redirected back to the page a user was on prior to clicking on login.

Does this match the plan for Keycloak?
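
One way to check a redirect_uri against the registered patterns described in the message above, as an added example that is not part of the original post and not IdentityBroker or Keycloak code. The function names and the rule that `*` matches within a single path segment only are assumptions of this example; the message does not define the wildcard semantics.

```python
import re
from urllib.parse import urlsplit, unquote

# Patterns from the message; '*' semantics below are an assumption of this example.
REGISTERED = [
    "http://hostname/site/welcome.html",
    "http://hostname/site/*.html",
    "http://hostname/site/*",
]

def _origin(parts):
    # Scheme, host and port must match exactly (host compared case-insensitively).
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)

def _path_regex(pattern_path):
    # Assumed semantics: '*' matches any characters within one path segment only.
    return re.compile("".join("[^/]*" if c == "*" else re.escape(c) for c in pattern_path))

def uri_allowed(requested, pattern):
    """True if `requested` matches one registered redirect URI pattern."""
    # Reject backslashes, whitespace and control characters before parsing.
    if re.search(r"[\\\s\x00-\x1f\x7f]", requested):
        return False
    try:
        req, pat = urlsplit(requested), urlsplit(pattern)
        if _origin(req) != _origin(pat):
            return False
    except ValueError:  # malformed host or port
        return False
    if req.scheme.lower() not in ("http", "https") or "@" in req.netloc or req.fragment:
        return False
    # Refuse dot segments and encoded separators so the path cannot leave the prefix.
    for segment in req.path.split("/"):
        decoded = unquote(segment)
        if decoded in (".", "..") or "/" in decoded or "\\" in decoded:
            return False
    # Only the path is matched; a query string, if present, is passed through unchanged.
    return _path_regex(pat.path).fullmatch(req.path) is not None

def resolve_redirect(requested, registered=REGISTERED, default=None):
    """Return the URI to redirect to, or None when the request must be refused."""
    if requested is None:
        return default  # no redirect_uri parameter: fall back to the chosen default
    return requested if any(uri_allowed(requested, p) for p in registered) else None
```

Because the wildcard never touches scheme, host or port, a pattern such as `http://hostname/site/*` cannot be satisfied by a different origin, and a request that fails every pattern is refused rather than redirected to the default.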

