In the oAuth spec "Access Token Request" it is mentioned that the redirect-uri is required if the "redirect_uri" parameter was included in the authorization request. In this case, the oauth-src checks that the uri's are identical.
What is the purpose of redirect_uri parameter when exchanging code for access token
-
01-09-2022 - |
Question
I am reading the Google's documentation about OpenId Connect https://developers.google.com/accounts/docs/OAuth2Login
What I don't get is the purpose of the redirect_uri parameter during "4. Exchange code for access token and ID token".
The access token is returned in the response to HTTP Post request itself so I don't get the purpose of redirect_uri.
Can somebody explain?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow