An attacker could use the end-user authorization endpoint and the redirect URI parameter to abuse the authorization server as an open redirector.
An open redirector is an endpoint using a parameter to automatically redirect a user agent to the location specified by the parameter value without any validation.
An attacker could utilize a user's trust in an authorization server to launch a phishing attack.
{{book.project.name}} requires that all registered applications and clients register at least one redirection URI pattern.
Any time a client asks {{book.project.name}} to perform a redirect (on login or logout for example), {{book.project.name}} will check the redirect URI vs.
