redirect_uri is required for client_credentials consumers

Created on 23 January 2024, about 1 year ago

Updated 12 December 2024, 4 months ago

Problem/Motivation

redirect_uri is used by the authorization_code to ensure that the (web/mobile) application requesting the authorization code is the correct one. In the client_credentials grant type it's not used because it's understood there is a direct connection between the client and server (rather than going through a user's browser) which is authenticated with a client_id and secret. This means no redirects take place and redirect_uri is not needed.

redirect_uri is currently part of a multi-value field which is always required. This means that consumers which only use the client_credentials grant type (i.e. fully machine-to-machine applications) can not be created without filling in a dummy redirect URI.

Steps to reproduce

Proposed resolution

Make the field only required under the "authorization code" field group when that grant type is enabled. Similar to what happens for fields such as "Use PKCE".

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

6.0

Component

Code

Created by

🇳🇱Netherlands kingdutch

Live updates comments and jobs are added and updated live.

Merge Requests

!155redirect_uri is required for client_credentials consumers
Merged
🇧🇪Belgium dieterholvoet
updated 3 months ago

Comments & Activities

Issue created by @kingdutch
First commit to issue fork.
Merge request !155Make Redirect URIs only required when authorization code grant type is active → (Merged) created by dieterholvoet
Comment 4 months ago →
🇧🇪Belgium dieterholvoet Brussels
Pipeline finished with Success
4 months ago
Total: 283s
#366809
Comment 3 months ago →
🇳🇱Netherlands bojan_dev
Looks good, TY!
Comment 3 months ago →
🇳🇱Netherlands bojan_dev
Comment 3 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024