[keycloak-dev] Redirect URI and JavaScript origins
Bill Burke
bburke at redhat.com
Fri Jul 19 13:13:05 EDT 2013
Didn't think of redirect patterns. The Resteasy OAuth2 stuff sends the
redirect URL in the redirect back to the server, well, because there's
no way to store that information. I'm glad you brought this up because
I forgot. I made a jira for this. Please log a jira if you have more
things.
https://issues.jboss.org/browse/KEYCLOAK
On 7/19/2013 9:59 AM, Stian Thorgersen wrote:
> In IdentityBroker you can specify a single redirect url and a single authorized javascript origin. The plan was to eventually allow multiple of both, including the use of patterns. So for example for a single application the following values would be valid for redirect uri:
>
> http://hostname/site/welcome.html
> http://hostname/site/*.html
> http://hostname/site/*
>
> A redirect_uri query parameter is used to specify the actual value, and it is required to match one of the values specified for the application. It should also be possible to select a default redirect uri that is used if no redirect_uri parameter is included.
>
> The authorized javascript origin is used to specify what domains are allowed to do CORS requests. This is required by the JavaScript SDK so that it can invoke REST endpoints when deployed to a different domain than the IdentityBroker server.
>
> This is pretty much the same as Google does with the addition of being able to specify patterns in the redirect_uris. The main purpose of adding this is so that users can be redirected back to the page a user was on prior to clicking on login.
>
> Does this match the plan for Keycloak?
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
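
The redirect_uri check described in the quoted message (match against registered patterns, fall back to a default), as an added Python example that is not code from IdentityBroker, Keycloak or either author. The function names are hypothetical, and the strictness rules are assumptions the thread does not state: `*` applies to the path only, scheme and authority must match exactly, and dot-segments, backslashes and fragments are refused.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed registration, using the example values from the message above.
REGISTERED = [
    "http://hostname/site/welcome.html",
    "http://hostname/site/*.html",
    "http://hostname/site/*",
]
DEFAULT_REDIRECT = "http://hostname/site/welcome.html"


def matches(pattern, candidate):
    """True if candidate is covered by one registered pattern (hypothetical helper)."""
    # Whitespace/control characters and fragments are never accepted.
    if "#" in candidate or any(ch <= " " for ch in candidate):
        return False
    try:
        p, c = urlsplit(pattern), urlsplit(candidate)
    except ValueError:
        return False
    # Assumption: '*' applies to the path only. Scheme and authority must be
    # identical, which also rules out userinfo, other ports and look-alike hosts.
    if (p.scheme, p.netloc.lower()) != (c.scheme, c.netloc.lower()):
        return False
    # Dot-segments (plain or percent-encoded) and backslashes could move the
    # final location outside the registered prefix, so they are refused.
    decoded = unquote(c.path)
    if "\\" in decoded or any(s in (".", "..") for s in decoded.split("/")):
        return False
    # The query string is not compared; only the path is matched.
    path_re = "".join(".*" if ch == "*" else re.escape(ch) for ch in p.path)
    return re.fullmatch(path_re, c.path) is not None


def resolve_redirect(redirect_uri=None, registered=REGISTERED,
                     default=DEFAULT_REDIRECT):
    """Return the URI to redirect to, or None when the request must be refused."""
    if redirect_uri is None:
        return default  # no redirect_uri parameter: fall back to the default
    if any(matches(pat, redirect_uri) for pat in registered):
        return redirect_uri
    return None
```

A `None` result means the authorization request should be rejected outright rather than redirected anywhere.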