earaujoassis / space

🚀 A user management microservice; OAuth 2 provider
MIT License
17 stars 6 forks

Revisit the RFC 6749: invalid redirect URI #61

Open earaujoassis opened 4 years ago

earaujoassis commented 4 years ago

If the client application (or an impersonated client application) attempts to redirect the user to a wrong redirect URI, where should the client be redirected to? Currently, we're redirecting the user to the requested redirect URI, but that doesn't look like the correct/safe direction.

There should be an investigation around that, and we should implement what is expected by RFC 6749.

earaujoassis commented 4 years ago

We could add an intermediate page, within the space realm, indicating that the redirect URI could potentially be harmful.
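The RFC 6749 §3.1.2.4 rule this thread is asking about, as an added example in Go (not code from the space project; `Client`, `Decide` and the example URIs are assumptions): when the requested redirect URI fails exact-match validation, the server renders an error page in its own realm and never redirects, whereas an invalid request aimed at a valid, registered URI is redirected with `error` and `state` parameters.

```go
package main

import "net/url"

// Decision is what the authorization endpoint should do for one request.
type Decision int
const (
	Proceed         Decision = iota // redirect_uri valid; continue the flow
	RedirectError                   // redirect_uri valid, request invalid: redirect with error params (RFC 6749 §4.1.2.1)
	RenderErrorPage                 // redirect_uri missing or mismatched: MUST NOT redirect (RFC 6749 §3.1.2.4)
)
// Client is a registered client with its pre-registered redirect URIs (assumed shape).
type Client struct {
	ID           string
	RedirectURIs []string
}
// redirectTarget resolves the requested redirect URI by exact string comparison (RFC 6749 §3.1.2.2)
// and returns "" when the user must not be redirected anywhere. A missing redirect_uri is treated
// as invalid here; the §3.1.2.3 shortcut for clients with a single registered URI is left out.
func redirectTarget(c Client, requested string) string {
	u, err := url.Parse(requested)
	if err != nil || !u.IsAbs() || u.Fragment != "" { // must be absolute and fragment-free (§3.1.2)
		return ""
	}
	for _, r := range c.RedirectURIs {
		if r == requested { // exact match only: no prefix or wildcard matching (RFC 6819 §5.2.3.5)
			return r
		}
	}
	return ""
}
// Decide classifies the request; the returned URL is where to send the user, if anywhere.
func Decide(c Client, requested, responseType, state string) (Decision, string) {
	target := redirectTarget(c, requested)
	if target == "" {
		return RenderErrorPage, "" // render an error page in the provider's own realm instead
	}
	if responseType != "code" { // an error that is safe to redirect, because the target is trusted
		u, _ := url.Parse(target) // already parsed successfully above
		q := u.Query()
		q.Set("error", "unsupported_response_type")
		if state != "" {
			q.Set("state", state) // echo state so the client can correlate the response
		}
		u.RawQuery = q.Encode()
		return RedirectError, u.String()
	}
	return Proceed, target
}
```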