[Openid-specs-ab] Additional issues with redirect

Roland Hedberg roland.hedberg at adm.umu.se
Sat May 19 18:34:47 UTC 2012


19 maj 2012 kl. 07:34 skrev Breno de Medeiros:

> Google authz server requires exact match and allows no query
> parameters. The OAuth2 protocol was designed to support this by adding
> a pre-defined state parameter.

When you say exact match is that for the whole URI (leaving the query part out) ?
Because I read 3.1.2.3 of the OAuth2 draft to allow for registering a partial redirect URI.

To be specific I should be able to register:
 http://example.org/cb
and the have as the redirect_uri
 http://example.org/cb/foo
at least that is how I read the text.

Would the Google authz server allow that ? 

-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS) 
Umeå University 
SE-901 87 Umeå, Sweden	
Phone +46 90 786 68 44
Mobile +46 70 696 68 44 
www.its.umu.se 



More information about the Openid-specs-ab mailing list