[Openid-specs-ab] Can redirect_uri be omitted in OIDC code flows ?

Sergey Beryozkin sberyozkin at gmail.com
Thu Feb 4 16:35:04 UTC 2016


Hi All,

My colleague has noticed that in OIDC, when clients redirect the users 
to OIDC server, 'redirect_uri' is required.

I recall that one of the experts was saying that in pure OAuth2, if a 
client registration contains a single redirect_uri only then having the 
client to include it during the actual code redirection requests is 
optional.

Can the same be applied when the code flows are used in OIDC ?

Many thanks, Sergey


More information about the Openid-specs-ab mailing list