In this authorization endpoint oltu implementation example Oltu provides an example about how to make an OAuth2.0 compliant authorization server.
In that example there's a validateRedirectionURI(oauthRequest). Could somebody explain what's it for?
Asked
Active
Viewed 1,091 times
1 Answers
3
It is to prevent impersonation attacks where an attacker would have obtained an Authorization Code by sending a fake Redirect URI in the authentication request, receiving the Response with the Code on that Redirect URI and subsequently "play back" the Code against the legitimate Client, thereby impersonating the original user. This security consideration is described in the spec here: https://www.rfc-editor.org/rfc/rfc6749#section-10.6
