Specify wildcard characters in re-direct URI

Can we specify wildcard characters like * while setting them in the re-direct URI?

localhost:3000/ui/* => if I set this URL

Can we access localhost:3000/ui/2345? Will it pass CORS for this URL?

Thank you.

Hi @maroom

Unfortunately, adding wildcards to redirect URIs is not possible due to possible security risks that might occur when the user accesses a different URL than the one he originally wanted.

2.1. Protecting redirect-based flows

Authorization servers shall utilize exact matching of client redirect URIs against pre-registered URIs. This measure contributes to the prevention of leakage of authorization codes and access tokens (depending on the grant type). It also helps to detect mix-up attacks.

Clients shall avoid any redirects or forwards which can be parameterized by URI query parameters, in order to provide a further layer of defence against token leakage. If there is a need for this kind of redirects, clients are advised to implement appropriate countermeasures against open redirection, e.g., as described by OWASP

https://tools.ietf.org/id/draft-ietf-oauth-security-topics-06.html

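The exact-matching rule quoted above, as an added example that is not part of the original thread or any vendor's code: it contrasts exact comparison with the `localhost:3000/ui/*` pattern from the question, then shows one way to still land the user on a page such as `/ui/2345` by keeping the return path on the client, keyed by the OAuth `state` value. The function names, the `/ui/callback` registration and the sample URIs are assumptions made for illustration.

```python
import secrets
from fnmatch import fnmatchcase
from typing import Optional

# Constructed sample registration; these URIs are assumptions, not real config.
REGISTERED = {"http://localhost:3000/ui/callback"}
WILDCARD = "http://localhost:3000/ui/*"  # the pattern asked about in the question


def exact_match(redirect_uri: str) -> bool:
    """Authorization-server check: exact string comparison with the registered set."""
    return redirect_uri in REGISTERED


def wildcard_match(redirect_uri: str) -> bool:
    """Glob-style matching, present only to show what it would let through."""
    return fnmatchcase(redirect_uri, WILDCARD)


# Client side: the page the user wanted is stored locally under the `state`
# value, so the redirect URI itself never has to vary per page.
_pending = {}


def begin_login(return_path: str) -> str:
    """Remember a local return path and hand back an opaque, unguessable state."""
    if not return_path.startswith("/ui/") or ".." in return_path or "//" in return_path:
        return_path = "/ui/"  # anything that is not a plain local /ui/ path falls back
    state = secrets.token_urlsafe(16)
    _pending[state] = return_path
    return state


def finish_login(state: str) -> Optional[str]:
    """Single-use lookup at the callback; None means the response is rejected."""
    return _pending.pop(state, None)


if __name__ == "__main__":
    for uri in ("http://localhost:3000/ui/callback",
                "http://localhost:3000/ui/2345",
                "http://localhost:3000/ui/go?next=https://other.example/"):
        print(f"{uri}\n  exact={exact_match(uri)} wildcard={wildcard_match(uri)}")
```

With this layout only `/ui/callback` is registered, and the callback handler sends the browser to the stored path after the code exchange succeeds.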
