payprop / net-oauth2-authorizationserver

Module to implement core functions of an OAuth2 authorization server

Whitelisting redirect URIs #11

Closed leejo closed 6 years ago

leejo commented 6 years ago

As per https://tools.ietf.org/html/rfc6749#section-10.15 and https://tools.ietf.org/html/rfc6819#section-5.2.3.5. The IETF recommend any redirect URIs be whitelisted to prevent malicious redirects.

Should maybe make this optional in the config rather than enforcing it.
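The check the two RFC sections describe, as an added example (not code from this module, and written in Python rather than the module's Perl so it stands alone). The registry contents, the function name and the `enforce` switch are assumptions for illustration; `enforce` mirrors the suggestion above to make the check optional in the config.

```python
from urllib.parse import urlsplit

# Constructed sample registry: client_id -> redirect URIs registered in advance.
REGISTERED_REDIRECTS = {
    "invoice-app": {"https://invoices.example.com/oauth/callback"},
}


def redirect_uri_allowed(client_id, redirect_uri,
                         registry=REGISTERED_REDIRECTS, enforce=True):
    """Return True if an authorization request may redirect to redirect_uri."""
    if not enforce:
        # Hypothetical opt-out switch: the server skips the whitelist entirely.
        return True

    registered = registry.get(client_id)
    if not registered or not redirect_uri:
        # Unknown client, empty whitelist or missing parameter: refuse.
        return False

    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        # Malformed authority, e.g. an unterminated IPv6 literal.
        return False

    # RFC 6749 section 3.1.2: the redirection endpoint must be an absolute
    # URI and must not carry a fragment component.
    if not parts.scheme or not parts.netloc or "#" in redirect_uri:
        return False

    # Exact string comparison against the registered values: no prefix,
    # wildcard or host-only matching.
    return redirect_uri in registered
```

On a failed check the server should show the error to the resource owner rather than redirect, since the redirect target is the untrusted value.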

leejo commented 6 years ago

Closing, unless anybody really wants this.