keycloak-scim/topics/threat/redirect.adoc

10 lines
474 B
Text
Raw Normal View History

2016-05-31 22:00:59 +00:00
[[_unspecific-redirect-uris]]
=== Unspecific Redirect URIs
For the <<fake/../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that
are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope
of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your
registered redirect URIs as specific as feasible.