connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #115 - TokenRequest does not expose getRedirectionUri() — Bitbucket

Issue #115 invalid

Former user created an issue 2014-11-14

in OAUTH 2.0 and OIDC Authz Code Flow the token request should have redirect_uri as a parameter which the server should check that it matches the redirect_uri in the original authz request TokenRequest class does not expose this

Comments (2)

Connect2id OSS
- changed status to open
Thank you for reporting this, we'll look at the code now.
- 2014-11-19T15:25:08+00:00
Connect2id OSS
- changed status to invalid
The TokenRequest class is used with various OAuth grants, not just for authorisation code grants. The redirect_uri parameter is therefore not a direct part of it.

To extract the redirect_uri, first call getAuthorizationGrant().getType() to ensure the grant type is indeed code.

Then do a cast to AuthorizationCodeGrant and call its getRedirectionURI() method.

Cheers,

Your Connect2id Support Team
- 2014-11-19T15:30:55+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!