[keycloak-dev] Open Redirect Vulnerability
Bill Burke
bburke at redhat.com
Wed Apr 15 19:31:17 EDT 2015
One more thing...
We never redirect unless the redirect URI and client id are validated.
On 4/15/2015 4:57 PM, Pedro Igor Silva wrote:
> Hi,
>
> Is KC considering this vulnerability [1] when performing redirects? Especially for OAuth Clients doing authorization code grant.
>
> Regards.
>
> [1] http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
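
An added example, not part of the original message and not Keycloak's code: a minimal authorization-endpoint check that redirects the user agent only after both the client id and the redirect URI have been validated, and shows every earlier error locally. The client registry, the function names and the exact-match comparison rule are assumptions made for the illustration.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registry: the client id and redirect URI are hypothetical.
REGISTERED_CLIENTS = {
    "portal": {"https://portal.example.test/oauth/callback"},
}


def append_query(uri, extra):
    """Add parameters to a URI while keeping any query it already has."""
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(extra.items())
    return urlunsplit(parts._replace(query=urlencode(query)))


def handle_authorization_request(params):
    """Return ("error_page", reason) or ("redirect", url).

    The user agent is redirected only after client_id and redirect_uri
    have both been validated; until then errors are rendered locally.
    """
    registered = REGISTERED_CLIENTS.get(params.get("client_id", ""))
    if registered is None:
        return ("error_page", "unknown client_id")

    redirect_uri = params.get("redirect_uri", "")
    # Assumption: exact string match against the registered URIs, no
    # prefix or wildcard matching.
    if redirect_uri not in registered:
        return ("error_page", "redirect_uri not registered for client")

    # From here on the redirect target is validated, so protocol errors
    # may be reported to the client through it.
    reply = {}
    if params.get("response_type") != "code":
        reply["error"] = "unsupported_response_type"
    else:
        reply["code"] = secrets.token_urlsafe(16)
    if "state" in params:
        reply["state"] = params["state"]
    return ("redirect", append_query(redirect_uri, reply))
```
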