Skip to content

Remove redundant validation for redirect-uri #7706

New issue
New issue
Closed
Closed
Remove redundant validation for redirect-uri#7706
Assignees
jgrandja
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement
Milestone
5.3.0.M1
@jgrandja

Description

@jgrandja
jgrandja
opened on Dec 6, 2019

The OAuth 2.0 implementations of AuthenticationProvider and ReactiveAuthenticationManager perform an exact match on OAuth2AuthorizationRequest.getRedirectUri() and OAuth2AuthorizationResponse.getRedirectUri(), which is redundant given that the exact matching is also happening in the associated Filter and WebFilter.

We should remove this double validation since the check will always pass if the AuthenticationProvider or ReactiveAuthenticationManager is called.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions