Hi,

As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send at
least one redirect URI for any grant type; otherwise it gives the following
error response.

{
  "error_description": "RedirectUris property must have at least one URI value.",
  "error": "invalid_client_metadata"
}


AFAIU there is no significance of a redirect URI for grant types that do
not have a redirection in the flow. Shall we allow client registration
without a redirect URI for the other grant types such as password, client
credentials and SAML2?

[1] states that

The implementation and use of all client metadata
   fields is OPTIONAL, unless stated otherwise.


..


redirect_uris
      Array of redirection URI strings for use in redirect-based flows
      such as the authorization code and implicit flows.  As required by
      Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of
      OAuth 2.0 [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients
      using flows with redirection MUST register their redirection URI
      values.  Authorization servers that support dynamic registration
      for redirect-based flows MUST implement support for this metadata
      value.


[1] https://tools.ietf.org/html/rfc7591#section-2

-- 

Best Regards,

Nuwandi Wickramasinghe

Software Engineer

WSO2 Inc.

Web : http://wso2.com

Mobile : 0719214873
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
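
The check proposed in the message above, as an added example that is not part of the original post and is not WSO2 IS code: redirect_uris is required only when the requested grant types include a redirect-based flow. The function names are hypothetical, and the example assumes the registration request has already been parsed into a dict.

```python
from urllib.parse import urlsplit

# Grant types whose flow sends the user agent back to the client; RFC 7591
# section 2 names the authorization code and implicit flows.
REDIRECT_GRANTS = {"authorization_code", "implicit"}
# RFC 7591 section 2: an omitted grant_types defaults to authorization_code.
DEFAULT_GRANTS = ["authorization_code"]


def _error(code, description):
    return {"error": code, "error_description": description}


def _is_registrable(uri):
    """RFC 6749 section 3.1.2: absolute URI, no fragment component."""
    if not isinstance(uri, str):
        return False
    try:
        parts = urlsplit(uri)
    except ValueError:  # e.g. a malformed IPv6 literal in the host
        return False
    return bool(parts.scheme) and not parts.fragment


def validate_registration(metadata):
    """Return None when the request is acceptable, else an error body."""
    grants = metadata.get("grant_types") or DEFAULT_GRANTS
    uris = metadata.get("redirect_uris") or []
    if (not isinstance(grants, list) or not isinstance(uris, list)
            or not all(isinstance(g, str) for g in grants)):
        return _error("invalid_client_metadata",
                      "grant_types and redirect_uris must be string arrays.")
    # URIs that are supplied are always checked, even for clients that do
    # not need one, so a malformed value is never stored.
    if not all(_is_registrable(u) for u in uris):
        return _error("invalid_redirect_uri",
                      "Redirect URIs must be absolute and have no fragment.")
    # Only redirect-based grants make redirect_uris mandatory.
    if REDIRECT_GRANTS.intersection(grants) and not uris:
        return _error("invalid_client_metadata",
                      "RedirectUris property must have at least one URI value.")
    return None
```

A request that omits grant_types is still rejected without a redirect URI, because the default grant type is authorization_code.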
