According to documentation in [1]
{
"redirect_uris": ["server.example.com"],
"client_name": "application_1",
"ext_param_owner": "application_owner",
"grant_types": ["password"]
}
Still our intension is to accept DCR request with redirect_uris for
password grant type. Only concern
On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena" wrote:
+1 for removing mandatory validation.
Dynamic OAUTH2 client Registration management protocol [1] will implement
in IS next version?
Yes
Once support that, DCR should be able to update the mandatory or optional
of redirect
+1 for removing mandatory validation.
Dynamic OAUTH2 client Registration management protocol [1] will implement
in IS next version?
Once support that, DCR should be able to update the mandatory or optional
of redirect urls depends on the grant type.
[1] https://tools.ietf.org/html/rfc7592
Thanks Johann and Pushpalanka. Updated [1] with details.
[1] - https://wso2.org/jira/browse/IDENTITY-5879
On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana
wrote:
> Hi,
>
> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby
> wrote:
>
>> +1. However
+1. However we have to make sure that if we update the application with
authorization_code or implicit grant type, then we have to validate that at
least one redirect_uri is also provided.
Regards,
Johann.
On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe
wrote:
> Hi,
Hi,
On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby wrote:
> +1. However we have to make sure that if we update the application with
> authorization_code or implicit grant type, then we have to validate that at
> least one redirect_uri is also provided.
>
> Regards,
>
Hi,
As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send at
least one redirect uri for any grant type and otherwise will give following
error response.
{
"error_description": "RedirectUris property must have at least one URI
value.",
"error": "invalid_client_metadata"
}