You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The OpenID Connect spec for client metadata [1] describes the redirect urls using the parameter redirect_uris.
redirect_uris REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of RFC3986 - (Simple String Comparison.
But oxD communication protocol for client registration [2] uses redirect_url - a string as the parameter.
This inconsistency between the OIDC spec and oxD implementation should be rectified.
Fixed in latest master branch. However now we stick to statefull oxd implementation which mean that we have to use register_site operation to get site_id. Please do not use register_client operation anymore unless you have good reason for it.
The OpenID Connect spec for client metadata [1] describes the redirect urls using the parameter
redirect_uris
.But oxD communication protocol for client registration [2] uses
redirect_url
- a string as the parameter.This inconsistency between the OIDC spec and oxD implementation should be rectified.
[1] http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
[2] http://ox.gluu.org/doku.php?id=oxd:communication_protocol#register_client
The text was updated successfully, but these errors were encountered: