Skip to content
This repository has been archived by the owner on Oct 5, 2023. It is now read-only.

[Security Problem] authorization_code access token request does not verify redirection URI #32

Open
NadaAldahleh opened this issue Feb 8, 2012 · 0 comments

Comments

@NadaAldahleh
Copy link
Contributor

According to http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1.3 the authorization server must validate that the redirection URI matches the redirection URI used by the authorization server to deliver the authorization code. It currently ignores it. (This is in addition to ignoring the client_secret as describe in issue 25)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant