[keycloak-user] Are relative redirect URIs supported?
Bill Burke
bburke at redhat.com
Mon Nov 23 14:19:28 EST 2015
A relative URI *will not* be accepted if it is passed as a query
parameter when a client is requesting a code. An absolute URI *MUST BE*
sent via the redirect_uri query parameter. For admin console config, if
you put in a relative path in your valid redirect URIs, it uses the
host/port of the auth server. A bunch of the demos work that way. So,
if you host the auth server on mydomain.com,
https://localhost/my/relative/path will match and
https://mydomain.com/my/relative/path will work too. Make sense?
On 11/23/2015 2:00 PM, Håvard Wigtil wrote:
> I'm trying to get a relative (i.e. path only with no host) redirect URI
> for a Keycloak client to work. My client works with full host and path,
> but if I remove the host part I get an illegal parameter error.
>
> The inline help bubble has the following sentence: "Relative path can be
> specified too, i.e. /my/relative/path/*."
> So as far as I can tell, it should work according to the help message.
> As I was trying to find out more about this I came across Jira issue
> KEYCLOAK-8[1], where a comment pointed to section 3.2.1[2] of the OAuth
> 2.0 spec. If I'm reading the spec correctly the redirect *must* be
> absolute to be conformant with the spec.
>
> Is the inline help wrong, or is it something here that I don't get?
>
> Håvard
>
>
> [1] https://issues.jboss.org/browse/KEYCLOAK-8
> [2] https://tools.ietf.org/html/rfc6749#section-3.1.2
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
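
A simplified model of the two rules described in this reply, added here as an example and not Keycloak's own code: the `redirect_uri` sent in the request must be absolute, while a path-only entry in the client's valid redirect URIs is expanded with the auth server's scheme, host and port before matching. The function names, the trailing-`*` prefix rule, the dropped query string and the dot-segment check are assumptions of this sketch.

```python
from urllib.parse import urlsplit, unquote

def resolve_registered(pattern, auth_base):
    # Admin-console side: a path-only entry inherits the auth server's
    # scheme, host and port.
    if pattern.startswith("/"):
        base = urlsplit(auth_base)
        return f"{base.scheme}://{base.netloc}{pattern}"
    return pattern

def redirect_allowed(requested, registered, auth_base):
    parts = urlsplit(requested)
    # Request side: redirect_uri must be absolute (scheme and host present).
    if not (parts.scheme and parts.netloc):
        return False
    # RFC 6749 section 3.1.2: a redirection URI carries no fragment.
    if parts.fragment:
        return False
    # Refuse dot-segments so a wildcard prefix cannot be escaped (assumption).
    if ".." in unquote(parts.path).split("/"):
        return False
    candidate = f"{parts.scheme}://{parts.netloc}{parts.path}"  # query dropped
    for pattern in registered:
        resolved = resolve_registered(pattern, auth_base)
        if resolved.endswith("*"):
            # Trailing "*" is treated as a prefix match (assumption).
            if candidate.startswith(resolved[:-1]):
                return True
        elif candidate == resolved:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample values, reusing the host name from the message.
    base = "https://mydomain.com"
    registered = ["/my/relative/path/*"]
    for uri in ("/my/relative/path/cb",
                "https://mydomain.com/my/relative/path/cb",
                "https://evil.example/my/relative/path/cb",
                "https://mydomain.com/my/relative/path/../../admin"):
        print(uri, "->", redirect_allowed(uri, registered, base))
```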