Added the redirectURIs field to the oauth2Client directory schema.
When set through the JSF UI it is a required field and needs to be a comma-separated list of valid redirect URIs.
A valid redirect URI must match this criterion: not be empty AND (start with https OR not start with http (e.g.: nuxeo://authorize) OR match the "http://localhost(: d+)?(/.*)?" pattern (e.g.: http://localhost:8080/nuxeo))
If the "redirect_uri" parameter is included when calling GET on /oauth2/authorize, it must match one of the redirect URIs defined in the oauth2Client:redirectURIs property of the registered OAuth2 client.
Else the first redirect URI of the registered OAuth2 client is used.
If the "redirect_uri" parameter was included when calling GET on /oauth2/authorize, it needs to be included when calling POST on /oauth2/token and both parameters must match.
Added:
OAuth2Client#redirectURIs
OAuth2Client#getRedirectURIs
OAuth2Client#OAuth2Client(String name, String id, String secret, List<String> redirectURIs)
OAuth2Client#isRedirectURIValid(String redirectURI)
OAuth2Client#toString()
Removed OAuth2Client(String name, String id, String secret)
Added the redirectURIs field to the oauth2Client directory schema.
When set through the JSF UI it is a required field and needs to be a comma-separated list of valid redirect URIs.
A valid redirect URI must match this criterion: not be empty AND (start with https OR not start with http (e.g.: nuxeo://authorize) OR match the "http://localhost(: d+)?(/.*)?" pattern (e.g.: http://localhost:8080/nuxeo ))
If the "redirect_uri" parameter is included when calling GET on /oauth2/authorize, it must match one of the redirect URIs defined in the oauth2Client:redirectURIs property of the registered OAuth2 client.
Else the first redirect URI of the registered OAuth2 client is used.
If the "redirect_uri" parameter was included when calling GET on /oauth2/authorize, it needs to be included when calling POST on /oauth2/token and both parameters must match.