subnetmarco
commented
8 years ago @nikz this is currently possible on the /authorize endpoint.
Closed nikz closed 1 year ago
subnetmarco
commented
8 years ago @nikz this is currently possible on the /authorize endpoint.
subnetmarco
commented
8 years ago @nikz do you confirm?
nikz
commented
8 years ago @thefosk not quite - https://github.com/Mashape/kong/blob/master/kong/plugins/oauth2/access.lua#L159 matches the redirect URI exactly, whereas for Github for example only the host and port must match.
ikogan
commented
7 years ago What's the thinking around this? I'm getting ready to start working on a PR to allow the redirect URI to be a regex and would appreciate any input on what not to do. I imagine we don't want to change this behavior out from under existing implementations, so some kind of toggle would be useful?
hanshuebner
commented
1 year ago It seems that interest in this has died out and #2746 was not merged. Closing this issue.
In the OAuth2 Authorization code flow, it's possible to specify a Redirect URI during the Authorization Request phase.
This would be really useful for dynamic redirection.
There are also more details about the redirect URL requirements here: https://tools.ietf.org/html/rfc6749#section-3.1.2