[Openid-specs-ab] Additional issues with redirect
Roland Hedberg
roland.hedberg at adm.umu.se
Sat May 19 18:34:47 UTC 2012
19 maj 2012 kl. 07:34 skrev Breno de Medeiros:
> Google authz server requires exact match and allows no query
> parameters. The OAuth2 protocol was designed to support this by adding
> a pre-defined state parameter.
When you say exact match is that for the whole URI (leaving the query part out) ?
Because I read 3.1.2.3 of the OAuth2 draft to allow for registering a partial redirect URI.
To be specific I should be able to register:
http://example.org/cb
and the have as the redirect_uri
http://example.org/cb/foo
at least that is how I read the text.
Would the Google authz server allow that ?
-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS)
Umeå University
SE-901 87 Umeå, Sweden
Phone +46 90 786 68 44
Mobile +46 70 696 68 44
www.its.umu.se
More information about the Openid-specs-ab
mailing list