Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Your Contact E-mail

What are you looking for

How can we help you?

Redirect URI Validation

This feature allows you to enforce the redirect_uri parameter sent by the client.

What is `redirect_uri` parameter?

When authorizing the client, the user is redirected to the OAuth/OpenID provider. Here, the user authenticated himself and then authorizes the client to perform actions on his behalf. When this is done, the user is then redirected back to the client using Redirect/Callback URI. This URL is where the client actually handles the OAuth response from the provider.

This response varies according to the Grant Type used. The client handles the response accordingly and the proceeds to perform actions on the user's behalf.

Why would someone turn off the validation?

Several times, the client needs to redirect the user to some other URL instead of the one registered. This is especially true for the stateless applications, where the URL can contain a dynamically generated component.

Plugin Configuration

Navigate to the Configurations tab.
Under the Redirect/Callback URI Validation section, you can find the toggle for this option.
If the toggle is turned ON, the OAuth Server will validate the Redirect/Callback URI that is sent by the client. If the client does not send a URL registered with the server, it will show the following error:
ERROR:
```
  {
      "error": "redirect_uri_mismatch",
      "error_description": "The redirect URI provided is missing or does not match",
      "error_uri": "http://tools.ietf.org/html/rfc6749#section-3.1.2"
  }
```

What is `redirect_uri` parameter?
Why would someone turn off the validation?
Plugin Configuration

Redirect URI Validation

What is redirect_uri parameter?

Why would someone turn off the validation?

Plugin Configuration

What is `redirect_uri` parameter?