OAuth2: Why should we validate the `redirect_uri` when exchanging the authorization code for an access token?
Beware, technical article ahead!
OAuth 2 and OpenID are complex protocols. They are full of tiny details that are there for the sake of security, and it's not always clear why some checks are necessary. This article is about one such detail.
Prelude
Before...
blog.passwordless.id (3 min read)