Hi, As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send at least one redirect uri for any grant type and otherwise will give following error response.
{ "error_description": "RedirectUris property must have at least one URI value.", "error": "invalid_client_metadata" } AFAIU there is no significance of a redirect URI for grant types that do not have a redirection in the flow. Shall we allow client registration without redirect URI for the other grant types such as password, client credentials and SAML2 [1] states that The implementation and use of all client metadata fields is OPTIONAL, unless stated otherwise. .. redirect_uris Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows. As required by Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of OAuth 2.0 [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value. [1] https://tools.ietf.org/html/rfc7591#section-2 -- Best Regards, Nuwandi Wickramasinghe Software Engineer WSO2 Inc. Web : http://wso2.com Mobile : 0719214873
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev