This repository was archived by the owner on Oct 5, 2023. It is now read-only.
This repository was archived by the owner on Oct 5, 2023. It is now read-only.
[Security Problem] authorization_code access token request does not verify redirection URI #32
Description
According to http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1.3 the authorization server must validate that the redirection URI matches the redirection URI used by the authorization server to deliver the authorization code. It currently ignores it. (This is in addition to ignoring the client_secret as describe in issue 25)