With implicit flow and http scheme on redirect_URI, the server answer always with an invalid_request.

IdentityModel / AuthorizationServer

Sample implementation of an OAuth2 Authorization Server

Other

281 stars 136 forks source link

With implicit flow and http scheme on redirect_URI, the server answer always with an invalid_request. #218

Closed mattiaaccornero closed 10 years ago

mattiaaccornero commented 10 years ago

Hi there, according to OAuth2 specifications (http://tools.ietf.org/html/rfc6749), HTTPS is no more required on redirect_URI. Could you please make it configurable?

Thanks! Keep up the good work!

leastprivilege commented 10 years ago

I can see not a single scenario where you want to send a token over an unsecured connection. Do you have one?