[ 
https://issues.apache.org/jira/browse/OLTU-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905072#comment-14905072
 ] 

Stein Welberg edited comment on OLTU-109 at 9/23/15 7:19 PM:
-------------------------------------------------------------

I have changed the opinion that I stated two years ago ;-). I also don't think 
it is the responsibility of Oltu to maintain this state.  A better (and safer) 
solution is to force clients to always send the redirect_uri. This also makes 
for an easier implementation on the server side. Imho this issue can be closed 
and marked as "Won't fix" for the reasons stated in the comments.


was (Author: steinwelberg):
I come back at my opinion stated two years ago ;-). I also don't think it is 
the responsibility of Oltu to maintain this state.  A better (and safer) 
solution is to force clients to always send the redirect_uri. This also makes 
for an easier implementation on the server side. Imho this issue can be closed 
and marked as "Won't fix" for the reasons stated in the comments.

> OAuthTokenRequest unnecessarily requires the "redirect_uri" parameter
> ---------------------------------------------------------------------
>
>                 Key: OLTU-109
>                 URL: https://issues.apache.org/jira/browse/OLTU-109
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-authzserver
>    Affects Versions: oauth2-0.22
>         Environment: Authorization Server
>            Reporter: John Jenkins
>             Fix For: oauth2-0.31
>
>
> The OAuthTokenRequest(HttpServletRequest) constructor will inappropriately 
> fail if the "redirect_uri" parameter is missing. This is only required if the 
> "redirect_uri" was given in the previous, "code" request. From the 
> specification (section 4.1.3):
> redirect_uri
>          REQUIRED, if the "redirect_uri" parameter was included in the
>          authorization request as described in Section 4.1.1, and their
>          values MUST be identical.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
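
The two policies discussed in this issue, side by side, as an added example: the conditional rule quoted from section 4.1.3, and the always-required rule proposed in the comment. This is not Apache Oltu code; `RedirectUriCheck`, `IssuedCode`, `Policy` and `check` are hypothetical names, and the client id and URIs are constructed sample values.

```java
// Added illustration for OLTU-109. Hypothetical names; no Apache Oltu API is used.
// Needs Java 16+ (records). Run with: java RedirectUriCheck.java
public class RedirectUriCheck {

    // What the server bound to the authorization code when it issued it (section 4.1.1).
    // redirectUri is null when the authorization request carried no redirect_uri.
    record IssuedCode(String clientId, String redirectUri) {}

    enum Policy { RFC_CONDITIONAL, ALWAYS_REQUIRED }

    // Returns "ok" or an RFC 6749 section 5.2 error code for the token request.
    static String check(Policy policy, IssuedCode issued, String clientId, String redirectUri) {
        if (!issued.clientId().equals(clientId)) {
            return "invalid_grant"; // code was issued to a different client
        }
        String bound = issued.redirectUri();
        if (policy == Policy.ALWAYS_REQUIRED) {
            // Policy proposed in the comment: the parameter is mandatory, so the check
            // never branches on what the earlier request contained. A null bound value
            // (authorization request that should have been rejected) fails the match.
            if (redirectUri == null) return "invalid_request";
            return redirectUri.equals(bound) ? "ok" : "invalid_grant";
        }
        // Section 4.1.3: required only if it was included in the authorization request.
        if (bound == null) {
            // Assumption of this example: a value sent now cannot match "nothing bound".
            return redirectUri == null ? "ok" : "invalid_grant";
        }
        if (redirectUri == null) return "invalid_request";
        return redirectUri.equals(bound) ? "ok" : "invalid_grant"; // values MUST be identical
    }

    public static void main(String[] args) {
        // Constructed sample data.
        String cb = "https://client.example/cb";
        IssuedCode withUri = new IssuedCode("client-1", cb);
        IssuedCode withoutUri = new IssuedCode("client-1", null);
        for (Policy p : Policy.values()) {
            System.out.println(p + " | bound, same uri sent:  " + check(p, withUri, "client-1", cb));
            System.out.println(p + " | bound, other uri sent: " + check(p, withUri, "client-1", cb + "/x"));
            System.out.println(p + " | bound, none sent:      " + check(p, withUri, "client-1", null));
            System.out.println(p + " | unbound, none sent:    " + check(p, withoutUri, "client-1", null));
            System.out.println(p + " | other client:          " + check(p, withUri, "client-2", cb));
        }
    }
}
```

The two policies differ only in the "unbound, none sent" case, which is the case this issue was filed about.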
