OAuth redirect_uri support for wildcard port

Article ID: 230110

Products

CA API Gateway

Issue/Introduction

Does the redirect_uri support a wildcard port?

RFC 8252 states that the IDP (the authorization server) MUST support this, as shown in the extract below.

7.3.  Loopback Interface Redirection

Native apps that are able to open a port on the loopback network interface without needing special permissions (typically, those on desktop operating systems) can use the loopback interface to receive the OAuth redirect.

Loopback redirect URIs use the "http" scheme and are constructed with the loopback IP literal and whatever port the client is listening on.

That is, "http://127.0.0.1:{port}/{path}" for IPv4, and "http://[::1]:{port}/{path}" for IPv6. An example redirect using the IPv4 loopback interface with a randomly assigned port:

    http://127.0.0.1:51004/oauth2redirect/example-provider

An example redirect using the IPv6 loopback interface with a randomly assigned port:

    http://[::1]:61023/oauth2redirect/example-provider

The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request.

Clients SHOULD NOT assume that the device supports a particular version of the Internet Protocol. It is RECOMMENDED that clients attempt to bind to the loopback interface using both IPv4 and IPv6 and use whichever is available.

Source: RFC 8252, OAuth 2.0 for Native Apps (Denniss & Bradley, Best Current Practice, October 2017), page 9.
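The rule in the extract, as an added example (not code from OTK or from this article): an authorization server compares the requested redirect_uri with the registered one exactly, and ignores the port only when both are http URIs on the same loopback IP literal. The function names and the sample URIs other than the two RFC examples are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def is_loopback_literal(host):
    """True only for loopback IP literals (127.0.0.1, ::1), never for host names."""
    try:
        return bool(host) and ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def redirect_uri_allowed(registered, requested):
    """Exact match, except that the port is ignored for http loopback IP literals."""
    if requested == registered:
        return True
    try:
        reg, req = urlsplit(registered), urlsplit(requested)
        reg.port, req.port  # accessing .port raises ValueError if it is malformed
    except ValueError:
        return False
    if reg.scheme != "http" or req.scheme != "http":
        return False  # the extract defines loopback redirects with the http scheme
    if req.username is not None or req.password is not None:
        return False  # reject userinfo such as http://user@127.0.0.1:5000/
    if req.hostname != reg.hostname or not is_loopback_literal(req.hostname):
        return False  # same literal as registered, and it must be a loopback IP
    # Everything except the port must still match exactly.
    return (req.path, req.query, req.fragment) == (reg.path, reg.query, reg.fragment)


# Constructed sample registrations (port omitted) and requests for illustration.
REGISTERED_V4 = "http://127.0.0.1/oauth2redirect/example-provider"
REGISTERED_V6 = "http://[::1]/oauth2redirect/example-provider"

if __name__ == "__main__":
    for reg, req in [
        (REGISTERED_V4, "http://127.0.0.1:51004/oauth2redirect/example-provider"),
        (REGISTERED_V6, "http://[::1]:61023/oauth2redirect/example-provider"),
        (REGISTERED_V4, "http://127.0.0.1.other.example:51004/oauth2redirect/example-provider"),
        ("https://app.example.com/cb", "https://app.example.com:8443/cb"),
    ]:
        print(redirect_uri_allowed(reg, req), req)
```
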

Environment

Release : 4.4

Component : OTK 

Resolution

Support for a wildcard port in redirect_uri was added in OTK 4.6. Details of the feature:

OTK 4.6 release notes: Support Port Agnostic Loopback Redirect URL

The redirect_uri configuration: Set the Callback URL