Document that redirect_uri is absolute

akrabat · akrabat · commit 80efffde71ad · 2024-08-07T13:23:39.000+01:00
As per thephpleague/oauth2-server#1239, the `redirect_uri` is expected to be absolute, so include this in our documentation. Signed-off-by: Rob Allen <rob@akrabat.com>
diff --git a/docs/book/v1/grant/auth_code.md b/docs/book/v1/grant/auth_code.md
@@ -24,7 +24,7 @@ authorization server:
 
 - `response_type` = code.
 - `client_id` with the client identifer.
-- `redirect_uri` with the URI to which to redirect the client following
+- `redirect_uri` with the absolute URI to which to redirect the client following
   successful authorization. This parameter is optional, but if it is not sent,
   the user will be redirected to a default location on completion.
 - `scope` with a space-delimited list of requested scope permissions.
diff --git a/docs/book/v1/grant/implicit.md b/docs/book/v1/grant/implicit.md
@@ -11,9 +11,9 @@ authorization server:
 
 - `response_type` = token.
 - `client_id`, with the client’s ID.
-- `redirect_uri`, with the URI to which to redirect the client after completing
-  authorization. This parameter is optional; if not provided, however, the user
-  will be redirected to a default location.
+- `redirect_uri`, with the absolute URI to which to redirect the client after
+  completing authorization. This parameter is optional; if not provided,
+  however, the user will be redirected to a default location.
 - `scope`, with a space-delimited list of requested scope permissions.
 - `state`, with a Cross-Site Request Forgery (CSRF) token. This parameter is
   optional but highly recommended. You can store the value of CSRF token in the
