View Issue Details

IDProjectCategoryView StatusLast Update
0005410GNUnetotherpublic2019-02-28 11:17
Reporterschanzen Assigned Toschanzen  
Status closedResolutionfixed 
Product VersionGit master 
Target Version0.11.0Fixed in Version0.11.0 
Summary0005410: OpenID Connect redirect_uris must actually be URIs
DescriptionIn OpenID Connect / OAuth2 the "redirect_uri" parameter must be a valid URI (

Currently, in reclaim, it is simply a label in GNS, which means it _cannot_ be a URI due to character restrictions.
For reclaim, the labels are looked up in the identity namespace represented by the "client_id".
There, the _actual_ redirect_uri registered by the client can be found.

A solution might be to use an actual redirect_uri and internally convert it to a label, e.g. by hashing and then encoding it.
TagsNo tags attached.



2018-08-06 14:38

administrator   ~0013180

The URI parameter must now be registered under the label "+" with a record of type of "RECLAIM_OIDC_REDIRECT".
When a redirect_uri is given by a client ID "PKEY", reclaim will resolve +.PKEY (type=RECLAIM_OIDC_REDIRECT) and verify that the given redirect URI matches one or more redirect URIs found in the records.

Setting a redirect URI in a local namespace essentially "registers" (in OIDC terms) a redirect URI for the client.

Issue History

Date Modified Username Field Change
2018-07-22 22:22 schanzen New Issue
2018-07-22 22:22 schanzen Status new => assigned
2018-07-22 22:22 schanzen Assigned To => schanzen
2018-08-06 14:38 schanzen Status assigned => resolved
2018-08-06 14:38 schanzen Resolution open => fixed
2018-08-06 14:38 schanzen Note Added: 0013180
2019-02-20 12:24 Christian Grothoff Fixed in Version => 0.11.0
2019-02-28 11:17 Christian Grothoff Status resolved => closed