[keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
Stian Thorgersen
stian at redhat.com
Tue May 20 12:15:45 EDT 2014
It's not in the RFC, but there's a few other oauth2 implementations that uses it, and it doesn't have any reference to Google directly, so seems good to me.
----- Original Message -----
> From: "Corinne Krych" <corinnekrych at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>, keycloak-dev at lists.jboss.org
> Cc: "Bill Burke" <bburke at redhat.com>
> Sent: Tuesday, 20 May, 2014 4:54:12 PM
> Subject: Re: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
>
> From what i’ve seen with oob uri seems to be mainly used by Google.
> Facebook will use a redirect_uri which looks like fb<appId>://authorize/
>
> Not sure there is a standard way of expressing out of bound uri.
>
> ++
> Corinne
>
> On 20 May 2014, at 17:51, Stian Thorgersen <stian at redhat.com> wrote:
>
> > Not sure what you mean, but if you're asking if a login request can have
> > '..?redirect_uri=urn:ietf:wg:oauth:2.0:oob' without
> > 'urn:ietf:wg:oauth:2.0:oob' listed as a valid redirect_uri on the
> > application/client, then no.
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Tuesday, 20 May, 2014 4:32:06 PM
> >> Subject: [keycloak-dev] urn:ietf:wg:oauth:2.0:oob always valid?
> >>
> >> If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is
> >> always acceptable?
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
More information about the keycloak-dev
mailing list