[keycloak-dev] Open Redirect Vulnerability

Bill Burke bburke at redhat.com
Wed Apr 15 19:31:17 EDT 2015


One more thing...

We never redirect unless the redirect URI and client id are validated.

On 4/15/2015 4:57 PM, Pedro Igor Silva wrote:
> Hi,
>
>      Is KC considering this vulnerability [1] when performing redirects? Especially for OAuth clients doing the authorization code grant.
>
> Regards.
>
> [1] http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
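The rule stated in the reply above, as an added Python example (this is not Keycloak's code; the client registry, the `Response` type and `authorize()` are constructed for illustration): `client_id` and `redirect_uri` are checked first, and only a validated redirect URI ever receives a redirect, including error redirects, which is the case that otherwise turns an authorization endpoint into an open redirector.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode

# Constructed client registry (hypothetical values, not Keycloak's data model):
# each client_id maps to the exact redirect URIs registered for it.
REGISTERED_CLIENTS = {
    "webapp": ["https://app.example.com/callback"],
}


@dataclass
class Response:
    status: int
    location: Optional[str] = None  # set only when we actually redirect
    body: str = ""


def authorize(params: dict, clients: dict = REGISTERED_CLIENTS) -> Response:
    """Decide the response of an authorization endpoint.

    If the client id or the redirect URI does not validate, answer the user
    agent directly and never redirect (RFC 6749 section 3.1.2.4). Only errors
    for a validated redirect URI are delivered by redirect.
    """
    client_id = params.get("client_id")
    redirect_uri = params.get("redirect_uri")

    registered = clients.get(client_id)
    if registered is None:
        return Response(400, body="error=unauthorized_client")  # no redirect
    if redirect_uri is None:
        if len(registered) != 1:
            return Response(400, body="error=invalid_request")  # ambiguous
        redirect_uri = registered[0]  # the single registered URI is safe
    elif redirect_uri not in registered:  # exact string match only
        return Response(400, body="error=invalid_request")  # no redirect

    # From here on redirect_uri is trusted, so redirecting an error is safe.
    sep = "&" if "?" in redirect_uri else "?"
    query = {}
    if "state" in params:
        query["state"] = params["state"]  # echo state on every redirect
    if params.get("response_type") != "code":
        query["error"] = "unsupported_response_type"
    else:
        query["code"] = "constructed-authorization-code"  # placeholder
    return Response(302, location=redirect_uri + sep + urlencode(query))
```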

