
Claim redirect_uri on token request #209

Open. Wants to merge 9 commits into base: versione-corrente

Conversation

@damikael (Member) commented Mar 25, 2024


Add required claim redirect_uri on token request

Review

  • Ensure your files are written following RST specs (not MD!)
  • Italian version
  • English version
  • Example files
  • Ask for review

add claim redirect_uri
add required claim redirect_uri
vercel bot commented Mar 25, 2024

The latest updates on your projects:

Name: spid-cie-oidc-docs
Status: ❌ Failed
Updated (UTC): Mar 26, 2024 6:44pm

@peppelinux (Member)

The update of the token request non-normative example is required.

@damikael (Member Author)

Updated examples:

2141231
4843b93

damikael requested a review from peppelinux March 26, 2024 17:27
Co-authored-by: Giuseppe De Marco <[email protected]>
damikael and others added 3 commits March 26, 2024 19:42
Co-authored-by: Giuseppe De Marco <[email protected]>
peppelinux self-requested a review March 28, 2024 09:09
@peppelinux (Member)

According to https://openid.net/specs/openid-connect-core-1_0.html#TokenRequestValidation

we don't have the requirement of redirect_uri in the token request. I suggest changing this PR by saying that, if present, the request_uri must ...

Comment on lines +117 to +119
* - **redirect_uri**
- Required. It MUST be one of the values declared into the claim **redirect_uris** in the RP metadata and it MUST match the value of the claim **redirect_uri** included in the previous authorization request.
- |spid-icon| |cieid-icon|
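Review bot: the row marks redirect_uri as Required without saying where that requirement comes from, and the thread disputes it. RFC 6749 §4.1.3 makes redirect_uri in the token request REQUIRED only if the parameter was included in the authorization request, and then requires the two values to be identical; OpenID Connect Core §3.1.2.1 makes redirect_uri REQUIRED in the authorization request, so that condition is always met for this flow. Either cite that chain to justify "Required", or relax the row to OPTIONAL while keeping the match check, as the comment below suggests. In both cases the row should state that the OP compares the presented value, by exact string match, against the redirect_uri it stored when issuing the code and against the registered **redirect_uris**, and that a mismatch rejects the token request without redeeming the code. Minor: "declared into the claim" should read "declared in the claim".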
Collaborator

I don't see any normative section within OIDC Core and iGov Profile requiring redirect_uri as a mandatory claim in the token request. Moreover, I see no security issues if this claim is omitted. I suggest considering it as OPTIONAL saying that if it is present the OP MUST check that it is the same value provided in the authorization request and the same value included in the RP Metadata.
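The check described in the comment above (if redirect_uri is present in the token request, the OP must verify it equals the value from the authorization request and one of the values in the RP metadata), written out as an added example that supports both the "Required" policy of the proposed row and the OPTIONAL policy suggested here. This is not code from spid-cie-oidc-docs or from any SPID/CIE implementation; the class names, the function names, the sample RP metadata, the authorization code and the URLs are all assumptions.

```python
# Added example: how an OP token endpoint can validate redirect_uri.
# Not the project's own code; names and sample data below are assumptions.
from dataclasses import dataclass
from typing import Optional


class TokenRequestError(Exception):
    """Maps to an OAuth 2.0 token error response: error code plus description."""

    def __init__(self, error: str, description: str) -> None:
        super().__init__(f"{error}: {description}")
        self.error = error
        self.description = description


@dataclass(frozen=True)
class IssuedCode:
    """What the OP stored when it issued the authorization code."""
    code: str
    client_id: str
    redirect_uri: str  # exactly as received in the authorization request


@dataclass(frozen=True)
class RPMetadata:
    """The subset of RP metadata needed for this check."""
    client_id: str
    redirect_uris: tuple


def validate_redirect_uri(token_request: dict, issued: IssuedCode,
                          rp: RPMetadata, required: bool) -> Optional[str]:
    """Validate redirect_uri in a token request.

    required=True  : the proposed table row (claim is Required).
    required=False : the alternative in the review (OPTIONAL, checked if present).
    Returns the accepted value, or None when absent and not required; raises
    TokenRequestError otherwise. Every comparison is an exact string match:
    no normalisation, no prefix or host-only matching, a trailing slash counts.
    """
    # The code must belong to the client presenting it before any URI check.
    if token_request.get("client_id") != issued.client_id or issued.client_id != rp.client_id:
        raise TokenRequestError("invalid_grant", "code was not issued to this client")

    presented = token_request.get("redirect_uri")
    if presented is None:
        if required:
            raise TokenRequestError("invalid_request", "redirect_uri is required")
        return None
    if not isinstance(presented, str) or presented == "":
        raise TokenRequestError("invalid_request", "redirect_uri is malformed")
    if presented not in rp.redirect_uris:
        raise TokenRequestError("invalid_request", "redirect_uri is not in RP metadata redirect_uris")
    if presented != issued.redirect_uri:
        # Registered, but not the one this code was bound to: reject, do not redeem the code.
        raise TokenRequestError("invalid_grant", "redirect_uri differs from the authorization request")
    return presented


def outcome(token_request: dict, issued: IssuedCode, rp: RPMetadata, required: bool) -> str:
    """'ok' on success, otherwise the OAuth error code the OP would return."""
    try:
        validate_redirect_uri(token_request, issued, rp, required)
        return "ok"
    except TokenRequestError as exc:
        return exc.error


# Constructed sample data (assumed; not taken from any real RP or OP).
RP = RPMetadata(
    client_id="https://rp.example.org/oidc/rp",
    redirect_uris=("https://rp.example.org/oidc/rp/callback",
                   "https://rp.example.org/oidc/rp/callback-alt"),
)
CODE = IssuedCode(code="c0de-issued-earlier", client_id=RP.client_id,
                  redirect_uri=RP.redirect_uris[0])


def build_token_request(**extra) -> dict:
    """Minimal authorization_code token request for the sample RP, plus overrides."""
    req = {"grant_type": "authorization_code", "code": CODE.code, "client_id": RP.client_id}
    req.update(extra)
    return req


if __name__ == "__main__":
    cases = [
        ("same value as authorization request", build_token_request(redirect_uri=RP.redirect_uris[0])),
        ("other registered value", build_token_request(redirect_uri=RP.redirect_uris[1])),
        ("unregistered value", build_token_request(redirect_uri="https://evil.example/cb")),
        ("trailing slash added", build_token_request(redirect_uri=RP.redirect_uris[0] + "/")),
        ("absent", build_token_request()),
    ]
    for label, req in cases:
        print(f"{label:40} required={outcome(req, CODE, RP, True):16} "
              f"optional={outcome(req, CODE, RP, False)}")
```

The only case where the two policies differ is the absent parameter: the "Required" row returns invalid_request, the OPTIONAL reading accepts it. Every present value is checked the same way under both, and a registered URI that is not the one bound to the code is treated as an invalid_grant rather than an invalid_request, because the code itself must not be redeemed.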

3 participants