Closed nikz closed 1 year ago
@nikz this is currently possible on the /authorize endpoint.
@nikz do you confirm?
@thefosk not quite - https://github.com/Mashape/kong/blob/master/kong/plugins/oauth2/access.lua#L159 matches the redirect URI exactly, whereas for GitHub, for example, only the host and port must match.
What's the thinking around this? I'm getting ready to start working on a PR to allow the redirect URI to be a regex and would appreciate any input on what not to do. I imagine we don't want to change this behavior out from under existing implementations, so some kind of toggle would be useful?
It seems that interest in this has died out and #2746 was not merged. Closing this issue.
In the OAuth2 Authorization code flow, it's possible to specify a Redirect URI during the Authorization Request phase.
This would be really useful for dynamic redirection.
There are also more details about the redirect URL requirements here: https://tools.ietf.org/html/rfc6749#section-3.1.2
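Added example (not part of the issue thread and not Kong's code): the three redirect URI policies discussed above (exact match, host-and-port match, regex) run side by side over the same requests, to show what each one accepts. All function names, the registered URI, the pattern and the candidate URIs are constructed for illustration; comparing the scheme as well as host and port is an assumption of this sketch.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(uri):
    """(scheme, host, port) of an absolute http(s) URI, or None if unusable."""
    try:
        parts = urlsplit(uri)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if "#" in uri or "@" in parts.netloc:
        return None                    # no fragment (RFC 6749 3.1.2), no userinfo
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port

def match_exact(registered, requested):
    """Byte-for-byte comparison, the behaviour described for access.lua."""
    return requested == registered

def match_host_port(registered, requested):
    """Scheme, host and port must match; path and query are left free."""
    reg = origin(registered)
    return reg is not None and reg == origin(requested)

def match_regex(pattern, requested, anchored=True):
    """Regex policy; anchored=False shows what an unanchored search lets through."""
    if origin(requested) is None:
        return False
    find = re.fullmatch if anchored else re.search
    return find(pattern, requested) is not None

# Constructed sample values (hypothetical client registration and requests).
REGISTERED = "https://app.example.com/oauth/callback"
PATTERN = r"https://app\.example\.com/oauth/callback(/[a-z0-9]+)?"
CANDIDATES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com/oauth/callback/tenant42",
    "https://app.example.com:8443/oauth/callback",
    "https://other.example/?next=https://app.example.com/oauth/callback",
]

def evaluate():
    """Map each candidate to (exact, host_port, regex_anchored, regex_unanchored)."""
    return {c: (match_exact(REGISTERED, c), match_host_port(REGISTERED, c),
                match_regex(PATTERN, c), match_regex(PATTERN, c, anchored=False))
            for c in CANDIDATES}
```

The last candidate is the validation case that matters for a regex toggle: it is rejected by every policy except the unanchored regex, so any regex option should match the whole URI rather than search within it.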