You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think I can hardcode a fixed redirect_uri in authentik, so even the authorize url doesn't have a redirect_uri (e.g. https://<authentik>/application/o/authorize/?client_id=<client_id>&state=<state>&scope=openid&response_type=code), authentik still know where this request should be redirected to.
So may I know why redirect_uri is required in the code?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I noticed in RFC 6749 Section 4.1.1, redirect_uri is OPTIONAL.
But in authentik's code, redirect_uri is required.
authentik/authentik/providers/oauth2/views/authorize.py
Lines 191 to 193 in 29b0177
I think I can hardcode a fixed redirect_uri in authentik, so even the authorize url doesn't have a redirect_uri (e.g.
https://<authentik>/application/o/authorize/?client_id=<client_id>&state=<state>&scope=openid&response_type=code), authentik still know where this request should be redirected to.So may I know why redirect_uri is required in the code?
Beta Was this translation helpful? Give feedback.
All reactions