connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #433 - Add redirect_uri check for code, state, etc not present in the optional query params — Bitbucket

Issue #433 resolved

Vladimir Dzhuvinov created an issue 2023-08-24

See OSW talk Thursday:

https://oauth.secworkshop.events/osw2023/agenda-thursday

OAuth 2.0 Redirect URI Validation Falls Short, Literally

Tommaso Innocenti, Matteo Golinelli, Kaan Onarlioglu, Bruno Crispo, Engin Kirda

‌

Comments (2)

Yavor Vasilev
Adds ClientMetadata.PROHIBITED_REDIRECT_URI_QUERY_PARAMETER_NAMES, updates ClientMetadata to reject "redirect_uris" with query parameters "code", "state" or "response": d9ac68eb6171f917ef43c2871f173a7ca78245ba

‌
- 2023-08-29T10:01:26+00:00
Yavor Vasilev
- changed status to resolved
Completed with: b6105769095b9a485c82e93a6f09e52e6a95f338
- 2023-08-29T11:12:07+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: major

Status: resolved

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!