thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License

Documentation: AuthCode grant redirect_uri must match authorization request #1368

Open iaibai opened 10 months ago

iaibai commented 10 months ago

The documentation states that in Part Two of an Auth Code flow, redirect_uri must contain "the same redirect URI the user was redirect back to".

However, as per https://github.com/thephpleague/oauth2-server/pull/1096, it should actually match the redirect_uri from the authorization request, and it must be omitted if it was not present in that request.

I suggest changing the redirect_uri line in Part Two to: