From ede96d2a82a89b221e7154a15b42905aeb70bca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=A1clav=20Muzik=C3=A1=C5=99?= Date: Thu, 1 Sep 2016 16:38:39 +0200 Subject: [PATCH] KEYCLOAK-3429 Add info on latest redirect_uri changes --- topics/MigrationFromOlderVersions.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/topics/MigrationFromOlderVersions.adoc b/topics/MigrationFromOlderVersions.adoc index 4eb479c87e..0f9e0915ca 100644 --- a/topics/MigrationFromOlderVersions.adoc +++ b/topics/MigrationFromOlderVersions.adoc @@ -161,6 +161,14 @@ and `migrationStrategy`. `initializeEmpty` can bet set to `true` or `false` and be initialized. `migrationStrategy` can be set to `update`, `validate` and `manual`. `manual` is only supported for relational databases and will write an SQL file with the required changes to the database schema. +====== Changes in Client's Valid Redirect URIs +The following scenarious are affected: + +* When a Valid Redirect URI with query component is saved in a Client (e.g. `http://localhost/auth?foo=bar`), `redirect_uri` in authorization request must exactly match this URI (or other registered URI in this Client). +* When a Valid Redirect URI without a query component is saved in a Client, `redirect_uri` must exactly match as well. +* Wildcards in registered Valid Redirect URIs are no longer supported when query component is present in this URI, so the `redirect_uri` needs to exactly match this saved URI as well. +* Fragments in registered Valid Redirect URIs (like `http://localhost/auth#fragment`) are no longer allowed. + ==== Migrating to 2.0.0 ====== Upgrading from 1.0.0.Final no longer supported
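Review bot: The second added bullet ("When a Valid Redirect URI without a query component is saved in a Client, `redirect_uri` must exactly match as well") does not say what has to match, and read literally it requires an exact match for every registered URI. That sits awkwardly next to the third bullet, which restricts wildcards only "when query component is present" and so suggests wildcard entries without a query still work. Please spell out the intended rule, for example whether a request whose `redirect_uri` adds a query string to a registered query-less URI is now rejected, and whether wildcard entries without a query are unaffected. Client administrators will use this text to decide which registered URIs to tighten, so the ambiguity matters. Two smaller points in the same hunk: "scenarious" in the intro line should be "scenarios", and the section does not name the release in which the behaviour changed, although it is placed directly before `==== Migrating to 2.0.0`; stating the version would let readers tell whether their upgrade path is affected.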