View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005410 | GNUnet | other | public | 2018-07-22 22:22 | 2019-02-28 11:17 |
Reporter | schanzen | Assigned To | schanzen |
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | Git master |
Target Version | 0.11.0 | Fixed in Version | 0.11.0 |
Summary | 0005410: OpenID Connect redirect_uris must actually be URIs |
Description | In OpenID Connect / OAuth2 the "redirect_uri" parameter must be a valid URI (https://tools.ietf.org/html/rfc3986#section-4.3). Currently, in reclaim, it is simply a label in GNS, which means it _cannot_ be a URI due to character restrictions. For reclaim, the labels are looked up in the identity namespace represented by the "client_id". There, the _actual_ redirect_uri registered by the client can be found. A solution might be to use an actual redirect_uri and internally convert it to a label, e.g. by hashing and then encoding it. |
Tags | No tags attached. |
The URI parameter must now be registered under the label "+" with a record of type "RECLAIM_OIDC_REDIRECT". When a redirect_uri is given by a client ID "PKEY", reclaim will resolve +.PKEY (type=RECLAIM_OIDC_REDIRECT) and verify that the given redirect URI matches one or more redirect URIs found in the records. Setting a redirect URI in a local namespace essentially "registers" (in OIDC terms) a redirect URI for the client.
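The matching step described in the note above, sketched as an added example (not GNUnet's code and not part of the original issue). It assumes the RECLAIM_OIDC_REDIRECT records for +.PKEY have already been resolved into an array of strings; the function names and sample URIs are hypothetical, and the syntax check is a minimal absolute-URI shape test, not a full RFC 3986 parser.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: redirect URIs a client registered as
   RECLAIM_OIDC_REDIRECT records under "+" in its namespace.
   A real implementation would obtain these from a GNS lookup of +.PKEY. */
static const char *const sample_records[] = {
  "https://app.example/oidc/callback",
  "https://app.example/oidc/callback?tenant=a",
};
static const size_t sample_count = sizeof sample_records / sizeof sample_records[0];

/* Minimal RFC 3986 section 4.3 shape check: scheme ":" non-empty rest,
   no fragment, no whitespace or control characters. */
int is_absolute_uri(const char *uri)
{
  const char *p = uri;
  if (uri == NULL || !isalpha((unsigned char) *p))
    return 0;
  for (p++; *p != ':'; p++)  /* a NUL before ':' fails the test below */
    if (!isalnum((unsigned char) *p) && *p != '+' && *p != '-' && *p != '.')
      return 0;
  if (*++p == '\0')
    return 0;
  for (; *p != '\0'; p++)
    if ((unsigned char) *p <= 0x20 || *p == 0x7f || *p == '#')
      return 0;
  return 1;
}

/* Returns 1 only if `given` is an absolute URI and is byte-for-byte equal
   to a registered record. No prefix matching, no normalization. */
int redirect_uri_allowed(const char *const *records, size_t count, const char *given)
{
  if (!is_absolute_uri(given))
    return 0;
  for (size_t i = 0; i < count; i++)
    if (records[i] != NULL && strcmp(records[i], given) == 0)
      return 1;
  return 0;
}

int main(void)
{
  const char *tests[] = { "https://app.example/oidc/callback",
                          "https://app.example/oidc/callback/extra", "myapp" };
  for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
    printf("%-42s %s\n", tests[i],
           redirect_uri_allowed(sample_records, sample_count, tests[i]) ? "allow" : "reject");
  return 0;
}
```

Exact comparison means a URI that merely starts with a registered value, or differs only in its query string, is rejected.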
Date Modified | Username | Field | Change |
---|---|---|---|
2018-07-22 22:22 | schanzen | New Issue | |
2018-07-22 22:22 | schanzen | Status | new => assigned |
2018-07-22 22:22 | schanzen | Assigned To | => schanzen |
2018-08-06 14:38 | schanzen | Status | assigned => resolved |
2018-08-06 14:38 | schanzen | Resolution | open => fixed |
2018-08-06 14:38 | schanzen | Note Added: 0013180 | |
2019-02-20 12:24 | Christian Grothoff | Fixed in Version | => 0.11.0 |
2019-02-28 11:17 | Christian Grothoff | Status | resolved => closed |