Hi, I noticed that 'redirect_uri' is an OPTIONAL parameter according to spec[1].
And also in the subsequent token request 'redirect_uri' becomes a mandatory parameter only if it was sent in the initial authorization request[2]. I tested this on IS 5.3.0 fresh pack, and it gives *invalid_request * Redirect URI is not present in the authorization request which means we make the redirect_uri mandatory. Should we fix this behaviour? WDYT? [1] https://tools.ietf.org/html/rfc6749#section-4.1.1 [2] https://tools.ietf.org/html/rfc6749#section-4.1.3 Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
