[ https://issues.apache.org/jira/browse/OLTU-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13771695#comment-13771695 ]

Stein Welberg commented on OLTU-109:
------------------------------------

The current implementation of amber does not provide the possibility to 
remember whether a redirect_uri was presented in the authorization request. We 
will pick this issue up. This means however that the authorization server is no 
longer completely stateless (which it is now).
                
> OAuthTokenRequest unnecessarily requires the "redirect_uri" parameter
> ---------------------------------------------------------------------
>
>                 Key: OLTU-109
>                 URL: https://issues.apache.org/jira/browse/OLTU-109
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-authzserver
>    Affects Versions: 0.22
>         Environment: Authorization Server
>            Reporter: John Jenkins
>             Fix For: 0.31
>
>
> The OAuthTokenRequest(HttpServletRequest) constructor will inappropriately 
> fail if the "redirect_uri" parameter is missing. This is only required if the 
> "redirect_uri" was given in the previous, "code" request. From the 
> specification (section 4.1.3):
> redirect_uri
>          REQUIRED, if the "redirect_uri" parameter was included in the
>          authorization request as described in Section 4.1.1, and their
>          values MUST be identical.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
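
The rule quoted from section 4.1.3 means the token endpoint has to know what the authorization request contained. The sketch below is an added Java example (Java 16+), not code from Apache Oltu or from the issue participants; the class, record, and method names and the sample values are hypothetical. It keeps the redirect_uri next to the issued code and enforces the "required only if previously sent, and identical" check with the error codes from RFC 6749 section 5.2.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; class and method names are hypothetical, not Apache Oltu API.
public class RedirectUriBinding {
    // State kept per issued code. redirectUri is null when the authorization
    // request carried no redirect_uri parameter.
    record Grant(String clientId, String redirectUri) {}

    private final Map<String, Grant> grants = new ConcurrentHashMap<>();

    // Authorization endpoint: remember what the client sent alongside the code.
    void onCodeIssued(String code, String clientId, String redirectUri) {
        grants.put(code, new Grant(clientId, redirectUri));
    }

    // Token endpoint: returns null when the request passes, otherwise an
    // RFC 6749 section 5.2 error code.
    String checkTokenRequest(String code, String clientId, String redirectUri) {
        Grant g = grants.remove(code); // codes are single use
        if (g == null || !g.clientId().equals(clientId)) return "invalid_grant";
        if (g.redirectUri() == null) {
            // Nothing was sent earlier, so the parameter is not required.
            // Rejecting an unsolicited value is a strictness choice of this example.
            return redirectUri == null ? null : "invalid_grant";
        }
        if (redirectUri == null) return "invalid_request"; // required but missing
        // Exact string comparison: the two values MUST be identical.
        return g.redirectUri().equals(redirectUri) ? null : "invalid_grant";
    }

    public static void main(String[] args) {
        RedirectUriBinding server = new RedirectUriBinding();
        String cb = "https://client.example/cb"; // constructed sample value
        server.onCodeIssued("c1", "app", null);  // authorization request without redirect_uri
        server.onCodeIssued("c2", "app", cb);
        server.onCodeIssued("c3", "app", cb);
        server.onCodeIssued("c4", "app", cb);
        System.out.println("omitted both times:  " + server.checkTokenRequest("c1", "app", null));
        System.out.println("sent, then matching: " + server.checkTokenRequest("c2", "app", cb));
        System.out.println("sent, then missing:  " + server.checkTokenRequest("c3", "app", null));
        System.out.println("sent, then changed:  " + server.checkTokenRequest("c4", "app", cb + "/x"));
    }
}
```

The in-memory map stands in for whatever per-code storage a server uses; a real deployment would also expire entries after the code's lifetime.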
