omniauth-oauth2 icon indicating copy to clipboard operation
omniauth-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon omniauth

Redirect URI Required not Optional

Open vpfaulkner opened this issue 8 years ago • 0 comments

I'm working with an OAuth2 integration that does not require a redirect_uri as part of the Authorization Request and, in fact, will 500 if a redirect_uri is given as part of the Access Token POST.

According to the OAuth 2.0 spec the redirect_uri is optional as part of the Authorization Request and only required for the Access Token request if it was given as part of the Authorization Request. While this integration's implementation seems to treat the redirect_uri as forbidden rather than optional, the OAuth2 Strategy likewise does not appear to treat the redirect_uri as optional either.

In order to get around this, I am having to overwrite the build_access_token method. However, it would be nice if the redirect_uri could be configured so as to be completely optional and therefore not be included in the Authorization Request or the Access Token request.

vpfaulkner avatar Aug 03 '16 12:08 vpfaulkner