[keycloak-dev] redirect_uri validation on Keycloak 1.9.x

Corinne Krych corinnekrych at gmail.com
Tue May 3 06:33:27 EDT 2016


Hello guys,

Moving the cookbook demo for the AeroGear iOS SDK to Keycloak 1.9.x, I noticed that the
redirect_uri validation has changed. I used to have
"org.aerogear.Shoot://oauth2Callback" for a redirect_uri. In iOS land we
used custom schema [1]; as a best practice, very often the first part of it
is defined using the iOS bundle id (Apple unique id), which most of the time
contains a mix of upper/lower case letters.

When discussing the subject on IRC with @Marek, it seems there might be an
issue in RedirectUtils.lowerCaseHostname in
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java#L119

I converted this URL to "org.aerogear.shoot://oauth2Callback" and it
works better [2], and I did change the bundle id of the iOS app locally. But in
KC 1.4.x I was able to use upper case in redirect_uri, and from an iOS point
of view it was much more convenient. What is the reasoning behind
redirect_uri? Should we use http(s) as the only protocol?

Thanks for your feedback.
++
Corinne
[1]
http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
[2] https://github.com/aerogear/aerogear-backend-cookbook/pull/30/files
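
One way the mismatch described in this message can arise, shown as an added example that is not Keycloak's code and not part of the original post: a check that lowercases only the incoming redirect_uri rejects a registered mixed-case value, while normalizing both sides per RFC 3986 (scheme and host case-insensitive, path exact) accepts it. The function names, the one-sided failure mode and the https sample host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registration, using the redirect_uri from the message.
REGISTERED = ["org.aerogear.Shoot://oauth2Callback",
              "https://app.example.test/Callback"]


def normalize(uri):
    """Split a redirect URI into a comparable tuple.

    Scheme and host are case-insensitive in RFC 3986, so both are lowercased;
    path and query stay exactly as given.
    """
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        raise ValueError("redirect_uri must be absolute")
    if parts.fragment or parts.username is not None:
        raise ValueError("fragment or userinfo not allowed in redirect_uri")
    # urlsplit lowercases the scheme; .hostname lowercases the host.
    return (parts.scheme, parts.hostname, parts.port, parts.path, parts.query)


def one_sided_match(registered, requested):
    """Assumed failure mode: only the incoming value is lowercased."""
    p = urlsplit(requested)
    lowered = f"{p.scheme}://{p.netloc.lower()}{p.path}"
    return lowered in registered


def symmetric_match(registered, requested):
    """Normalize the registered and the requested URI the same way."""
    try:
        wanted = normalize(requested)
    except ValueError:
        return False
    return any(normalize(r) == wanted for r in registered)


if __name__ == "__main__":
    uri = "org.aerogear.Shoot://oauth2Callback"
    print("one-sided lowercase:", one_sided_match(REGISTERED, uri))
    print("symmetric normalize:", symmetric_match(REGISTERED, uri))
```

The path comparison stays case-sensitive on purpose, so relaxing scheme and host case does not widen which callback paths are accepted.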