[keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?

Corinne Krych corinnekrych at gmail.com
Tue May 20 11:54:12 EDT 2014


>From what i’ve seen with oob uri seems to be mainly used by Google.
Facebook will use a redirect_uri which looks like fb<appId>://authorize/

Not sure there is a standard way of expressing out of bound uri.

++
Corinne

On 20 May 2014, at 17:51, Stian Thorgersen <stian at redhat.com> wrote:

> Not sure what you mean, but if you're asking if a login request can have '..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without 'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the application/client, then no.
> 
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 20 May, 2014 4:32:06 PM
>> Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
>> 
>> If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
>> always acceptable?
>> 
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev




More information about the keycloak-dev mailing list