Added the redirectURIs field to the oauth2Client directory schema.
When set through the JSF UI it is a required field and needs to be a comma-separated list of valid redirect URIs.
A valid redirect URI must match this criterion: not be empty AND (start with https OR not start with http (e.g.: nuxeo://authorize) OR match the "http://localhost(:\d+)?(/.*)?" pattern (e.g.: http://localhost:8080/nuxeo)).
If the "redirect_uri" parameter is included when calling GET on /oauth2/authorize, it must match one of the redirect URIs defined in the oauth2Client:redirectURIs property of the registered OAuth2 client.
Otherwise, the first redirect URI of the registered OAuth2 client is used.
If the "redirect_uri" parameter was included when calling GET on /oauth2/authorize, it needs to be included when calling POST on /oauth2/token and both parameters must match.
Added:
OAuth2Client#redirectURIs
OAuth2Client#getRedirectURIs
OAuth2Client#OAuth2Client(String name, String id, String secret, List<String> redirectURIs)
OAuth2Client#isRedirectURIValid(String redirectURI)
OAuth2Client#toString()
Removed OAuth2Client(String name, String id, String secret)
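The redirect URI rules described above, as an added Java example that is not Nuxeo's own code. The class and method names are hypothetical, the sample URIs are constructed, and treating "match" as exact string equality is an assumption.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not Nuxeo's code.
public class RedirectUriRules {

    // Plain http is accepted only for localhost, with optional port and path.
    static final Pattern LOCALHOST = Pattern.compile("http://localhost(:\\d+)?(/.*)?");

    // Validity criterion as stated in the ticket.
    static boolean isValid(String uri) {
        if (uri == null || uri.isEmpty()) {
            return false;
        }
        // matches() anchors the whole string, so "http://localhost.example.net" fails.
        return uri.startsWith("https") || !uri.startsWith("http")
                || LOCALHOST.matcher(uri).matches();
    }

    // GET /oauth2/authorize: the URI to redirect to, or null to reject the request.
    // Assumption: "match" means exact string equality against the registered list.
    static String resolveAtAuthorize(List<String> registered, String param) {
        if (param == null) {
            return registered.isEmpty() ? null : registered.get(0);
        }
        return registered.contains(param) ? param : null;
    }

    // POST /oauth2/token: if redirect_uri was sent at authorize, it must be sent
    // again with the same value. The ticket does not cover the case where it was
    // absent at authorize; this sketch accepts that case (assumption).
    static boolean acceptAtToken(String sentAtAuthorize, String sentAtToken) {
        return sentAtAuthorize == null || sentAtAuthorize.equals(sentAtToken);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        List<String> registered = List.of("https://app.example.com/cb", "nuxeo://authorize");
        for (String u : List.of("https://app.example.com/cb", "nuxeo://authorize",
                "http://localhost:8080/nuxeo", "http://example.com/cb",
                "http://localhost.example.net/cb", "")) {
            System.out.println(isValid(u) + "  \"" + u + "\"");
        }
        System.out.println(resolveAtAuthorize(registered, null));
        System.out.println(resolveAtAuthorize(registered, "https://other.example.com/cb"));
        System.out.println(acceptAtToken("nuxeo://authorize", null));
        System.out.println(acceptAtToken("nuxeo://authorize", "nuxeo://authorize"));
    }
}
```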