[keycloak-user] Are relative redirect URIs supported?
Stian Thorgersen
sthorger at redhat.com
Mon Nov 23 14:17:55 EST 2015
On 23 November 2015 at 20:00, Håvard Wigtil <haavard.wigtil at kantega.no>
wrote:
> I'm trying to get a relative (i.e. path only with no host) redirect URI
> for a Keycloak client to work. My client works with full host and path,
> but if I remove the host part I get an illegal parameter error.
>
What do you mean you get an illegal parameter error?
>
> The inline help bubble has the following sentence: "Relative path can be
> specified too, i.e. /my/relative/path/*."
> So as far as I can tell, it should work according to the help message.
> As I was trying to find out more about this I came across Jira issue
> KEYCLOAK-8[1], where a comment pointed to section 3.2.1[2] of the OAuth
> 2.0 spec. If I'm reading the spec correctly the redirect *must* be
> absolute to be conformant with the spec.
>
Relative URLs are supported, but they are resolved to absolute URLs by
adding the Root URL of the client. If you don't specify the root URL the
root URL of Keycloak is used
>
> Is the inline help wrong, or is it something here that I don't get?
>
> Håvard
>
>
> [1] https://issues.jboss.org/browse/KEYCLOAK-8
> [2] https://tools.ietf.org/html/rfc6749#section-3.1.2
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/d15ab800/attachment.html
More information about the keycloak-user
mailing list