mod_http_oauth2: Validate redirect URI depending on application type Per https://openid.net/specs/openid-connect-registration-1_0.html require that web applications use https:// and native applications must use either http://localhost or a custom (non-https) URI. Previous requirement that hostname matches that of client_uri is kept for web applications.

---
labels:
- 'Type-Auth'
summary: SASL OAuthBearer Mechanism
...

Introduction
============

This module adds a new SASL mechanism OAUTHBEARER, as defined in [RFC-7628](https://tools.ietf.org/html/rfc7628).

It's intended to be used together with the `mod_auth_oauthbearer.lua` module.