Valid redirect URI really required?

Stan Silvert

Sep 30, 2021, 2:34:43 PM
to Keycloak Dev
In client settings, "Valid redirect URI" is marked as a required field. But the help text says, "Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request."

So is redirect URI really a required field?

Pedro Igor Craveiro e Silva

Sep 30, 2021, 3:53:40 PM
to Stan Silvert, Keycloak Dev
I see your point. The help message is conflicting with the marker on that field.

Clients should always be set with a valid redirect URI (if they rely on grant types that involve redirects). Whether that means explicitly setting it or calculating it based on some other field does not matter, as long as it is defined.

Not sure about UX best practices here, but my guess is that the marker exists to highlight what I explained above. If that is an "anti-pattern", it should be fine to remove the marker if we can make sure we always set one based on the root URL, when not explicitly provided.

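The matching rules in the quoted help text, as an added sketch that is not part of the thread and not Keycloak's own code: relative patterns are resolved against the client root URL or, when there is none, the auth server root URL, and a client with no pattern defined has every redirect rejected. The host names, `AUTH_SERVER_ROOT` and both function names are assumptions, as are the extra rejections of userinfo, fragments and `..` path segments.

```python
from urllib.parse import urlsplit

AUTH_SERVER_ROOT = "https://sso.example.test"  # constructed value, not from the thread


def effective_patterns(valid_redirect_uris, root_url=None, server_root=AUTH_SERVER_ROOT):
    """Resolve relative patterns against the client root URL, or against the
    auth server root URL when the client has no root URL (per the help text)."""
    base = (root_url or server_root).rstrip("/")
    return [base + p if p.startswith("/") else p for p in valid_redirect_uris]


def is_allowed(redirect_uri, patterns):
    """Return True only if redirect_uri matches one of the resolved patterns.
    An empty pattern list fails closed: nothing is allowed."""
    parts = urlsplit(redirect_uri)
    # Assumed hardening, beyond what the help text states: refuse URIs whose
    # userinfo, fragment or ".." segments make a prefix comparison misleading.
    if parts.username is not None or parts.fragment:
        return False
    if ".." in parts.path.split("/"):
        return False
    # The query string is ignored for matching in this sketch.
    candidate = f"{parts.scheme}://{parts.netloc}{parts.path}"
    for pattern in patterns:
        if pattern.endswith("*"):
            # Simple wildcard: only a trailing '*' is treated as a prefix match.
            if candidate.startswith(pattern[:-1]):
                return True
        elif candidate == pattern:
            return True
    return False


if __name__ == "__main__":
    # Constructed client: relative pattern plus a client root URL.
    with_root = effective_patterns(["/my/relative/path/*"],
                                   root_url="https://app.example.test")
    # Constructed client: same pattern, no root URL configured.
    without_root = effective_patterns(["/my/relative/path/*"])
    print(with_root, without_root)
    print(is_allowed("https://app.example.test/my/relative/path/cb?code=1", with_root))
    print(is_allowed("https://app.example.test/cb", []))  # nothing defined
```
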