- changed status to open
TokenRequest does not expose getRedirectionUri()
Issue #115
invalid
In OAuth 2.0 and the OIDC authz code flow, the token request should have redirect_uri as a parameter, which the server should check matches the redirect_uri in the original authz request. The TokenRequest class does not expose this.
Comments (2)
- changed status to invalid
The TokenRequest class is used with various OAuth grants, not just for authorisation code grants. The redirect_uri parameter is therefore not a direct part of it.
To extract the redirect_uri, first call `getAuthorizationGrant().getType()` to ensure the grant type is indeed `code`. Then do a cast to `AuthorizationCodeGrant` and call its `getRedirectionURI()` method.

Cheers,
Your Connect2id Support Team
Thank you for reporting this, we'll look at the code now.
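
The steps from the support reply above, combined with the redirect_uri comparison the issue describes, as an added example (not code from the SDK or from the Connect2id team). The class and method names, the sample client, code and URIs are constructed, and the `issuedFor` value standing for the redirect_uri stored when the code was issued is an assumption about the server's own storage.

```java
import java.net.URI;
import java.util.Objects;
import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;

public class RedirectUriCheck {

    // issuedFor: redirect_uri of the original authorisation request, as stored
    // by the server with the issued code (hypothetical storage); null if that
    // request carried no redirect_uri.
    static boolean codeGrantRedirectUriMatches(TokenRequest request, URI issuedFor) {
        AuthorizationGrant grant = request.getAuthorizationGrant();
        // TokenRequest serves every grant type, so check the type before casting.
        if (!GrantType.AUTHORIZATION_CODE.equals(grant.getType())) {
            return false; // not a code grant: there is no redirect_uri to compare
        }
        URI presented = ((AuthorizationCodeGrant) grant).getRedirectionURI();
        // Compare the exact strings; URI.equals() ignores case in scheme and host.
        String a = presented == null ? null : presented.toString();
        String b = issuedFor == null ? null : issuedFor.toString();
        return Objects.equals(a, b); // also rejects an omitted redirect_uri
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        URI tokenEndpoint = URI.create("https://as.example.com/token");
        URI issuedFor = URI.create("https://client.example.com/cb");
        ClientSecretBasic auth =
            new ClientSecretBasic(new ClientID("sample-client"), new Secret("sample-secret"));
        AuthorizationCode code = new AuthorizationCode("sample-code");

        TokenRequest same = new TokenRequest(tokenEndpoint, auth,
            new AuthorizationCodeGrant(code, issuedFor));
        TokenRequest other = new TokenRequest(tokenEndpoint, auth,
            new AuthorizationCodeGrant(code, URI.create("https://other.example.net/cb")));
        TokenRequest omitted = new TokenRequest(tokenEndpoint, auth,
            new AuthorizationCodeGrant(code, null));
        TokenRequest clientCreds = new TokenRequest(tokenEndpoint, auth,
            new ClientCredentialsGrant());

        System.out.println(codeGrantRedirectUriMatches(same, issuedFor));        // true
        System.out.println(codeGrantRedirectUriMatches(other, issuedFor));       // false
        System.out.println(codeGrantRedirectUriMatches(omitted, issuedFor));     // false
        System.out.println(codeGrantRedirectUriMatches(clientCreds, issuedFor)); // false
    }
}
```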