Hi Team,
I have created a journey where, in the last node (i.e. the success URL), I am passing the redirect URL as "https://host:port/…/…/./authorize/?scope=…&…&redirect_uri=https://xyz/xy?PID=ID",
where we are getting ID in sharedstate, and the value of ID is dynamic based on the different user, for example ID=09787398, ID=3456KLJ, etc. But while running the success URL in the browser I am getting a redirect_uri_mismatch error, although in the OAuth client redirect_uri I have kept “https://xyz/xy?PID=”. When I tried to enable a wildcard and use the value h…ps://xyz/xy?PID=*, it is not saving and is giving a validation error.
Can you please let me know how I can use a wildcard, because every time the ID will be different?
Note: If I am searching h…://xyz/xy?PID=9373463 directly with some ID in the browser, it's working fine.
Hi @TanayAmgen
If I am understanding your use case correctly, the short answer here is that according to the AM documentation (Client application registration :: AM 7.5.0 - see Redirection URIs):
Redirection URI values … must be an exact match
I’m not sure I fully understand what you are trying to accomplish, but perhaps we could look at different ways to solve for your scenario.
2 Likes
Hi @TanayAmgen,
I encourage you to read draft-ietf-oauth-security-topics-29 to understand that the design you’re proposing undermines the OAuth2 security profile, and you’ll also understand why usage of wildcards in the redirect_uri is not offered: it is highly insecure.
A way you can achieve the same result is to use the state parameter in the initial OAuth flow /authorize request; it is passed back along to the redirect_uri. Make sure to store a random, unguessable value concatenated with the ID value in order to provide a context to the redirect call. By doing this you achieve two things: by checking the random value, you ensure that the callback is legitimate, and at the same time you provide context to your application.
Regards
Patrick
3 Likes
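A sketch of the state-parameter approach from the reply above, added here as an illustration and not code from the thread or from AM: the redirect_uri stays fixed for an exact match, and the per-user ID travels in `state` next to a random value that is checked on return. The endpoint, client ID, scope and the dict-based session store are assumptions.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values for illustration; none of these come from the thread.
AUTHORIZE_ENDPOINT = "https://am.example.com/oauth2/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://xyz/xy"  # registered exactly as-is, without any PID query


def build_authorize_url(session: dict, pid: str) -> str:
    """Start the flow: state = random value + '.' + encoded PID, remembered server-side."""
    nonce = secrets.token_urlsafe(32)  # unguessable, never contains '.'
    encoded_pid = base64.urlsafe_b64encode(pid.encode()).decode().rstrip("=")
    state = f"{nonce}.{encoded_pid}"
    session["oauth_state"] = state  # session is the app's server-side store
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",  # assumed scope
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the PID only when the returned state equals the one issued to this session."""
    returned = parse_qs(urlparse(callback_url).query).get("state", [""])[0]
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    if expected is None or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise ValueError("state mismatch; rejecting callback")
    encoded_pid = returned.partition(".")[2]
    padded = encoded_pid + "=" * (-len(encoded_pid) % 4)
    return base64.urlsafe_b64decode(padded).decode()
```

Comparing the whole returned `state` against the stored copy covers the ID as well as the random part, so an ID altered in transit is rejected along with a forged or replayed callback.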