On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena" <man...@wso2.com> wrote:
+1 for removing mandatory validation. Dynamic OAUTH2 client Registration management protocol [1] will implement in IS next version? Yes Once support that, DCR should be able to update the mandatory or optional of redirect urls depends on the grant type. Not under dcr. Update is under DCRM. [1] https://tools.ietf.org/html/rfc7592 On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com> wrote: > Thanks Johann and Pushpalanka. Updated [1] with details. > > [1] - https://wso2.org/jira/browse/IDENTITY-5879 > > On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana <la...@wso2.com> > wrote: > >> Hi, >> >> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby <joh...@wso2.com> >> wrote: >> >>> +1. However we have to make sure that if we update the application with >>> authorization_code or implicit grant type, then we have to validate that at >>> least one redirect_uri is also provided. >>> >>> Regards, >>> Johann. >>> >>> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe < >>> nuwan...@wso2.com> wrote: >>> >>>> Hi, >>>> >>>> As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send >>>> at least one redirect uri for any grant type and otherwise will give >>>> following error response. >>>> >>>> { >>>> "error_description": "RedirectUris property must have at least one URI >>>> value.", >>>> "error": "invalid_client_metadata" >>>> } >>>> >>>> >>>> AFAIU there is no significance of a redirect URI for grant types that >>>> do not have a redirection in the flow. Shall we allow client registration >>>> without redirect URI for the other grant types such as password, client >>>> credentials and SAML2 >>>> >>>> [1] states that >>>> >>>> The implementation and use of all client metadata >>>> fields is OPTIONAL, unless stated otherwise. >>>> >>>> >>>> .. >>>> >>>> >>>> redirect_uris >>>> Array of redirection URI strings for use in redirect-based flows >>>> such as the authorization code and implicit flows. As required by >>>> Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of OAuth >>>> 2.0 [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients using flows >>>> with >>>> redirection MUST register their redirection URI values. >>>> Authorization servers that support dynamic registration for >>>> redirect-based flows MUST implement support for this metadata >>>> value. >>>> >>>> >>>> [1] https://tools.ietf.org/html/rfc7591#section-2 >>>> >>> +1. >> We already have a task to track and fix on these compliancy issues as at >> [1]. Please create or add these details there too, so we can make sure we >> address this and rectify. >> >> [1] - https://wso2.org/jira/browse/IDENTITY-5879 >> >>> >>>> >>>> -- >>>> >>>> Best Regards, >>>> >>>> Nuwandi Wickramasinghe >>>> >>>> Software Engineer >>>> >>>> WSO2 Inc. >>>> >>>> Web : http://wso2.com >>>> >>>> Mobile : 0719214873 <071%20921%204873> >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Technical Lead & Product Lead of WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> >> >> -- >> Pushpalanka. >> -- >> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >> Mobile: +94779716248 >> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >> ushpalanka/ | Twitter: @pushpalanka >> >> > > > -- > > Best Regards, > > Nuwandi Wickramasinghe > > Software Engineer > > WSO2 Inc. > > Web : http://wso2.com > > Mobile : 0719214873 > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Manoj Gunawardena Tech Lead WSO2, Inc.: http://wso2.com lean.enterprise.middleware Mobile : +94 77 2291643 _______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
