It is allowed to insert an empty string or NULL for redirect_uri in the oauth_clients table. In these two cases the library blindly trusts the redirect URI coming from the request and uses it to redirect the user there. It's probably more appropriate to be more restrictive regarding the redirect_uri, especially in the case of the authorization_code flow.
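The behaviour reported above next to a stricter check, as an added example that is not the library's code or part of the original report. The function names, the exact-match policy and the sample client rows are assumptions made for illustration.

```python
from typing import Dict, List, Optional


class InvalidRedirectURI(Exception):
    """The request must be rejected with an error page, never redirected."""


def resolve_permissive(registered: Optional[str], requested: Optional[str]) -> Optional[str]:
    # Behaviour described in the report: an empty or NULL registration
    # means the value supplied in the request is used as the redirect target.
    if not registered:
        return requested
    if requested and requested != registered:
        raise InvalidRedirectURI("redirect_uri does not match registration")
    return registered


def resolve_strict(registered: Optional[str], requested: Optional[str]) -> str:
    # Stricter variant (assumed policy): the client must have a registered
    # redirect_uri, and a requested value must match it exactly.
    registered = (registered or "").strip()
    if not registered:
        raise InvalidRedirectURI("client has no registered redirect_uri")
    if requested is not None and requested != registered:
        raise InvalidRedirectURI("redirect_uri does not match registration")
    return registered


def clients_without_redirect_uri(rows: Dict[str, Optional[str]]) -> List[str]:
    # Audit helper: client ids whose stored redirect_uri is NULL or empty.
    return [cid for cid, uri in rows.items() if not (uri or "").strip()]


# Constructed sample rows standing in for the oauth_clients table.
SAMPLE_CLIENTS: Dict[str, Optional[str]] = {
    "app-ok": "https://client.example/callback",
    "app-null": None,
    "app-empty": "",
}

if __name__ == "__main__":
    unregistered = "https://unregistered.example/landing"  # constructed value
    for cid, stored in SAMPLE_CLIENTS.items():
        try:
            outcome = resolve_strict(stored, unregistered)
        except InvalidRedirectURI as exc:
            outcome = f"rejected ({exc})"
        print(cid, "| permissive:", end=" ")
        try:
            print(resolve_permissive(stored, unregistered), "| strict:", outcome)
        except InvalidRedirectURI as exc:
            print(f"rejected ({exc})", "| strict:", outcome)
```

Running `clients_without_redirect_uri` against the real table contents lists the clients that would need a registered value before the strict check is enabled.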