fixes
parent
90b796dd80
commit
a956c701dd
1 changed files with 1 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
||||||
[[_unspecific-redirect-uris]]
|
[[_unspecific-redirect-uris]]
|
||||||
=== Unspecific Redirect URIs
|
=== Unspecific Redirect URIs
|
||||||
|
|
||||||
For the <<fake/../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that
|
For the <<fake/../../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that
|
||||||
are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope
|
are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope
|
||||||
of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your
|
of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your
|
||||||
registered redirect URIs as specific as feasible.
|
registered redirect URIs as specific as feasible.
|
||||||
|
|
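Review bot: The rewritten cross-reference on the line beginning "For the <<fake/../../sso-protocols/oidc.adoc" still depends on the `fake/../` prefix and now climbs one more directory level, and nothing visible in the hunk shows that `fake/../../sso-protocols/oidc.adoc#_oidc-auth-flows` resolves from this file's location. Please confirm the link against a built copy of the documentation, and say in the commit message which broken reference is being corrected, since "fixes" alone does not record it. While this paragraph is being touched, the unchanged context line "So, its a good idea to make your" should read "it's a good idea".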