2018-12-10 22:30 CET

View Issue Details
ID: 0005410
Project: GNUnet
Category: other
View Status: public
Last Update: 2018-08-06 14:38
Assigned To: schanzen
Product Version: SVN HEAD
Target Version: 0.11.0
Fixed in Version:
Summary: 0005410: OpenID Connect redirect_uris must actually be URIs
Description: In OpenID Connect / OAuth2 the "redirect_uri" parameter must be a valid URI (https://tools.ietf.org/html/rfc3986#section-4.3).

Currently, in reclaim, it is simply a label in GNS, which means it _cannot_ be a URI due to character restrictions.
For reclaim, the labels are looked up in the identity namespace represented by the "client_id".
There, the _actual_ redirect_uri registered by the client can be found.

A solution might be to use an actual redirect_uri and internally convert it to a label, e.g. by hashing and then encoding it.
Tags: No tags attached.

schanzen (developer)

The URI parameter must now be registered under the label "+" with a record of type "RECLAIM_OIDC_REDIRECT".
When a redirect_uri is given by a client ID "PKEY", reclaim will resolve +.PKEY (type=RECLAIM_OIDC_REDIRECT) and verify that the given redirect URI matches one or more redirect URIs found in the records.

Setting a redirect URI in a local namespace essentially "registers" (in OIDC terms) a redirect URI for the client.
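
Added example, not part of the original note and not GNUnet code: a standalone sketch of the check described above, comparing a client-supplied redirect_uri against the URIs registered under "+". The record array stands in for the GNS lookup of +.PKEY, and exact string comparison, the absolute-URI test and the function names are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: URIs a client published as RECLAIM_OIDC_REDIRECT
 * records under the label "+" of its zone. In reclaim these would come
 * from resolving +.PKEY; a static array is used here (assumption). */
static const char *const sample_records[] = {
  "https://client.example/cb",
  "https://client.example/oidc/return",
};

/* RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":" */
static int has_scheme(const char *uri)
{
  const char *p = uri;
  if (!isalpha((unsigned char) *p))
    return 0;
  for (p++; *p != '\0' && *p != ':'; p++)
    if (!isalnum((unsigned char) *p) && strchr("+-.", *p) == NULL)
      return 0;
  return *p == ':';
}

/* Returns 1 only if `given` is an absolute URI (scheme present, no
 * fragment, per RFC 3986 section 4.3) and is byte-for-byte equal to
 * one of the registered records; returns 0 otherwise. */
int redirect_uri_allowed(const char *given,
                         const char *const *records, size_t n)
{
  if (given == NULL || !has_scheme(given) || strchr(given, '#') != NULL)
    return 0;
  for (size_t i = 0; i < n; i++)
    if (strcmp(given, records[i]) == 0) /* no prefix or substring match */
      return 1;
  return 0;
}

int main(void)
{
  const char *tests[] = { "https://client.example/cb",         /* registered */
                          "https://client.example/cb.other.example",
                          "https://client.example/cb#frag",
                          "cb" };                    /* bare label, not a URI */
  for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
    printf("%-42s %s\n", tests[i],
           redirect_uri_allowed(tests[i], sample_records, 2) ? "accept" : "reject");
  return 0;
}
```
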

Issue History
Date Modified | Username | Field | Change
2018-07-22 22:22 | schanzen | New Issue |
2018-07-22 22:22 | schanzen | Status | new => assigned
2018-07-22 22:22 | schanzen | Assigned To | => schanzen
2018-08-06 14:38 | schanzen | Status | assigned => resolved
2018-08-06 14:38 | schanzen | Resolution | open => fixed
2018-08-06 14:38 | schanzen | Note Added: 0013180 |