Redirect URI is not compared to configured value

go-oauth2 / oauth2

OAuth 2.0 server library for the Go programming language.

https://pkg.go.dev/github.com/go-oauth2/oauth2/v4

MIT License

3.31k stars 563 forks source link

Redirect URI is not compared to configured value #247

Open Akhil-Suden opened 1 year ago

Akhil-Suden commented 1 year ago

In method, ValidationTokenRequest(), redirect_uri is not compared against configured value for the client id. It should return error if redirect_uri value not matches the configured value.

bilinxing commented 7 months ago

The same doubt, whether there is a relevant answer. redirect_uri legitimacy check needs to be done by the programmer?

bilinxing commented 7 months ago

I solved the doubts, this ValidateURIHandler will check whether the redirect_uri is legal, you can customize