[Openid-specs-ab] Additional issues with redirect

Breno de Medeiros breno at google.com
Tue May 22 17:38:51 UTC 2012


On Sat, May 19, 2012 at 11:34 AM, Roland Hedberg
<roland.hedberg at adm.umu.se> wrote:
>
> 19 maj 2012 kl. 07:34 skrev Breno de Medeiros:
>
>> Google authz server requires exact match and allows no query
>> parameters. The OAuth2 protocol was designed to support this by adding
>> a pre-defined state parameter.
>
> When you say exact match is that for the whole URI (leaving the query part out) ?
> Because I read 3.1.2.3 of the OAuth2 draft to allow for registering a partial redirect URI.
>
> To be specific I should be able to register:
>  http://example.org/cb
> and the have as the redirect_uri
>  http://example.org/cb/foo
> at least that is how I read the text.
>
> Would the Google authz server allow that ?
No, it doesn't.

>
> -- Roland
> ------------------------------------------------------
> Roland Hedberg
> IT Architect/Senior Researcher
> ICT Services and System Development (ITS)
> Umeå University
> SE-901 87 Umeå, Sweden
> Phone +46 90 786 68 44
> Mobile +46 70 696 68 44
> www.its.umu.se
>



-- 
--Breno


More information about the Openid-specs-ab mailing list