-
Notifications
You must be signed in to change notification settings - Fork 0
redirect_uri
please-open.it edited this page Feb 27, 2020
·
1 revision
An URL in your app dedicated for code (or token) retreive. https://www.oauth.com/oauth2-servers/redirect-uris/
This is a critical part, where some confidential data could be exposed such as access_token. This is why https://github.com/please-openit/token-leak-extension/blob/master/recommandations/danger/implict_flow.md is not recommended, authorization_code grant is safer.
https://tools.ietf.org/html/rfc6749#section-1.3.1
From this URI, authentication in the app is really starting with an information sent by the authentication server in the URI as a parameter.