Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Done
-
None
-
None
Description
The redirect_uri should be verified it doesn't contain an URI fragment (http://example.org/auth#fragment) before saving to a Client.
This needs to be implemented both in REST API / Admin Console and in Client Registration endpoint.
Attachments
Issue Links
- blocks
-
KEYCLOAK-3181 Pass OIDC Dynamic Profile
-
- Closed
-
- is incorporated by
-
KEYCLOAK-3429 The redirect_uri behaviour doesn't comply with OIDC specs
-
- Closed
-