django-oauth-toolkit

Token not created if redirect_uri in grant is not first in the application.redirect_uris list

Open simoirja opened this issue 4 years ago • 2 comments

Describe the bug

Token is not created if the redirect_uri in the grant isn't first in the redirect_uris list on the application.

To Reproduce

Application
  Grant type: Authorization code
  Redirect uris: "http://foo1 http://foo2"

Grant
  Redirect uri: "http://foo2"

Trigger POST /o/token
  log: "[WARNING] Bad Request: /o/token"
  No token is created

Expected behavior

Token generated if uri is valid. Flow stopped earlier and user shown invalid uri error page if it isn't.

Version 1.3.2

  • [x] I have tested with the latest published release and it's still a problem.
  • [ ] I have tested with the master branch and it's still a problem.

Additional context

Currently avoided by putting the uri in the grant first in the list of valid uris in the application as the first action in TokenView.

Manually moving the uri first in the application configuration before triggering the flow also works for validation purposes.

simoirja, Sep 10 '20 12:09

This still seems to be an issue. Does anyone know of a fix for this?

Fraze, Aug 19 '21 13:08

Actually! I found a fix. You need to specify the redirect_uri via a param when sending the token if you list multiple URIs.

Fraze, Aug 19 '21 16:08
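
Added example, not part of the thread and not django-oauth-toolkit code: a small model of the redirect_uri check at the token endpoint, run against the application and grant values from this issue. It assumes the server falls back to the first registered URI when the parameter is omitted (the behaviour reported above); the function names, error strings, and client and code values are hypothetical.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample data mirroring the issue: two registered URIs,
# and a grant that was issued for the second one.
REGISTERED_REDIRECT_URIS = "http://foo1 http://foo2"
GRANT = {"code": "sample-code", "redirect_uri": "http://foo2"}


def build_token_request(code, client_id, redirect_uri=None):
    """Form-encode the body of an authorization-code token request."""
    params = {"grant_type": "authorization_code", "code": code, "client_id": client_id}
    if redirect_uri is not None:
        params["redirect_uri"] = redirect_uri
    return urlencode(params)


def check_redirect_uri(body, grant, registered):
    """Hypothetical model of the token endpoint's redirect_uri check.

    Assumption: an omitted parameter falls back to the first registered URI.
    """
    allowed = registered.split()
    sent = parse_qs(body).get("redirect_uri", [None])[0]
    effective = sent if sent is not None else allowed[0]
    if effective not in allowed:
        return "invalid_request"
    # RFC 6749 section 4.1.3: the value must be identical to the one
    # used in the authorization request that produced the code.
    if effective != grant["redirect_uri"]:
        return "invalid_grant"
    return "ok"


def demo():
    """Run the failing request from the issue, the fixed one, and two bad ones."""
    bodies = [
        build_token_request(GRANT["code"], "sample-client"),                 # param omitted
        build_token_request(GRANT["code"], "sample-client", "http://foo2"),  # param supplied
        build_token_request(GRANT["code"], "sample-client", "http://foo1"),  # wrong registered URI
        build_token_request(GRANT["code"], "sample-client", "http://foo3"),  # unregistered URI
    ]
    return [check_redirect_uri(b, GRANT, REGISTERED_REDIRECT_URIS) for b in bodies]


if __name__ == "__main__":
    print(demo())
```

The strict comparison is what binds an authorization code to the URI it was delivered to, so the client-side fix is to send the same redirect_uri in both requests rather than to loosen the check.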