
I have done quite intensive research on repeated redirects (e.g. link), but my problem is a bit different. Hence reaching out to you guys for help.

Let's say my sign-on URL is https://localhost/URL and my redirect URL is https://localhost/url. This ends up in an infinite loop, throwing an IDX10311 exception. Am I missing any trick to ignore case-sensitivity validation between the sign-on and redirect URL?

P.S.: Signing on with https://localhost/url works like a charm.

Vikram
  • It is hard to say for sure without more information. Are you able to see more details by debugging and following the path of what is happening? – Joshua Morgan Sep 15 '17 at 18:12

1 Answer

URI comparisons are usually done using simple string comparison. According to the Uniform Resource Identifier RFC (RFC 3986), comparison is usually done character by character between two URIs. This can be found under section 6.2.1 of the standard.

As per OpenID Connect, one must use the exact value used at registration for the redirect_uri value of the request. So, as I can see, you are getting an error response from your identity provider for this specific reason. More can be found in the OAuth 2.0 specification's section 4.1.2.1 - RFC 6749.

In your implementation, you must validate for proper error messages from your identity provider.

Community
Kavindu Dodanduwa
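The exact-match rule described in the answer above, as an added example that is not part of the original post: a redirect_uri check using simple string comparison, plus a diagnostic that flags case-only mismatches such as the `/URL` vs `/url` pair from the question. The function names and the registered set are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample registration, using the URL from the question.
REGISTERED_REDIRECT_URIS = {"https://localhost/url"}


def redirect_uri_allowed(requested, registered=REGISTERED_REDIRECT_URIS):
    """Simple string comparison (RFC 3986 section 6.2.1): character by character."""
    return requested in registered


def explain_mismatch(requested, registered=REGISTERED_REDIRECT_URIS):
    """Return a diagnostic for a rejected redirect_uri, or None on an exact match.

    The diagnostic is for logs and developers only; it never turns a
    near-miss into an accepted value.
    """
    if redirect_uri_allowed(requested, registered):
        return None
    req = urlsplit(requested)
    for candidate in sorted(registered):
        # Only candidates that are identical apart from letter case are near-misses.
        if requested.lower() != candidate.lower():
            continue
        reg = urlsplit(candidate)
        if (req.path, req.query) != (reg.path, reg.query):
            return f"path or query differs only by case from registered {candidate!r}"
        # urlsplit lowercases the scheme, so the difference is in scheme or host.
        return f"scheme or host differs only by case from registered {candidate!r}"
    return "no registered redirect_uri resembles the requested value"


if __name__ == "__main__":
    for uri in ("https://localhost/url", "https://localhost/URL",
                "HTTPS://LOCALHOST/url", "https://localhost/other"):
        print(uri, redirect_uri_allowed(uri), explain_mismatch(uri))
```

Keeping the acceptance check as an exact match and confining the case-insensitive logic to the diagnostic means the helper explains a rejection without ever widening what is accepted.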