-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set #1682
Comments
brent-cybrid
changed the title
Doorkeeper::Errors::InvalidRedirectUri Raised When no Redirect URI Set
Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set
Dec 4, 2023
Has this been looked at? |
Hey @brent-cybrid .
I believe it was always like this 🤔 In any case this behavior should be reviewed ,m more details here #1678 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Create an application with no
redirect_uri
set, i.e.,redirect_uri=nil
.Set
allow_blank_redirect_uri = true
in the Doorkeeper config.Hit
GET /oauth/authorize
withredirect_uri=''
orredirect_uri=nil
or omit theredirect_uri
parameter.Observe an
Doorkeeper::Errors::InvalidRedirectUri
exception with the messageThe requested redirect uri is malformed or doesn't match client redirect URI.
Expected behavior
In versions 5.6.6 and before an authorization code was returned.
Actual behavior
An
Doorkeeper::Errors::InvalidRedirectUri
exception with the messageThe requested redirect uri is malformed or doesn't match client redirect URI.
System configuration
Set
allow_blank_redirect_uri = true
in the Doorkeeper config.The text was updated successfully, but these errors were encountered: