keycloak-scim/topics/threat/redirect.adoc


[[_unspecific-redirect-uris]]
=== Unspecific Redirect URIs

For the <<fake/../../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that
are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope
of access.  This could happen for instance if two clients live under the same domain.  So, its a good idea to make your
registered redirect URIs as specific as feasible.
threat 2016-05-31 22:00:59 +00:00
			`[[_unspecific-redirect-uris]]`
			`=== Unspecific Redirect URIs`

fixes 2016-06-01 01:15:09 +00:00			`For the <<fake/../../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that`
threat 2016-05-31 22:00:59 +00:00			`are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope`
			`of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your`
			`registered redirect URIs as specific as feasible.`