This commit is contained in:
Bill Burke 2016-05-31 21:15:09 -04:00
parent 90b796dd80
commit a956c701dd


@ -2,7 +2,7 @@
[[_unspecific-redirect-uris]] [[_unspecific-redirect-uris]]
=== Unspecific Redirect URIs === Unspecific Redirect URIs
For the <<fake/../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that For the <<fake/../../sso-protocols/oidc.adoc#_oidc-auth-flows,Authorization Code Flow>>, if you register redirect URIs that
are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope
of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your
registered redirect URIs as specific as feasible. registered redirect URIs as specific as feasible.
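Review bot: since the only change on the third line of the hunk is the `..` count in the cross-reference (`fake/../sso-protocols/oidc.adoc` becoming `fake/../../sso-protocols/oidc.adoc`), please confirm the rendered link to `_oidc-auth-flows` actually resolves from this file's location; a wrong depth silently produces a dead link in the built docs. While touching this line, the sentence at the end of the hunk still reads "So, its a good idea"; "it's" is the correct form. The substantive guidance (register redirect URIs as specifically as feasible so a rogue client under the same domain cannot impersonate a client with broader access) is unchanged by this hunk.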