# HG changeset patch # User Kim Alvefur # Date 1687463989 -7200 # Node ID 734788d8bfc3d8e0aac7e4facbac049e384b2f33 # Parent d6ab6f0bd96e95eb65432b2cfe43ab59f484d19a mod_http_oauth2: Rearrange description of redirect URIs requirements So that they're in one place only instead of sorta twice. diff -r d6ab6f0bd96e -r 734788d8bfc3 mod_http_oauth2/README.markdown --- a/mod_http_oauth2/README.markdown Thu Jun 22 09:18:32 2023 +0200 +++ b/mod_http_oauth2/README.markdown Thu Jun 22 21:59:49 2023 +0200 @@ -131,20 +131,7 @@ `redirect_uris` : **MUST** contain at least one valid URI. Different rules apply - depending on the value of `application_type`: - - `web` - : `redirect_uris` **MUST** be `https://` URIs and **MUST** use the - same hostname part as the `client_uri`. - - `native` - - : `redirect_uris` **MUST** match one of: - - - Loopback HTTP URI, e.g. `http://127.0.0.1/` or - `http://[::1]` - - Application-specific scheme, e.g. `com.example.app:/` - - The special OOB URI `urn:ietf:wg:oauth:2.0:oob` + depending on the value of `application_type`, see below. `application_type` @@ -152,10 +139,21 @@ `redirect_uris`. The following values are supported: `web` *(default)* - : For web clients. + : For web clients. With this, `redirect_uris` **MUST** be + `https://` URIs and **MUST** use the same hostname part as the + `client_uri`. + + `native` `native` - : For native e.g. desktop clients etc. + + : For native e.g. desktop clients etc. `redirect_uris` **MUST** + match one of: + + - Loopback HTTP URI, e.g. `http://127.0.0.1/` or + `http://[::1]` + - Application-specific scheme, e.g. `com.example.app:/` + - The special OOB URI `urn:ietf:wg:oauth:2.0:oob` `tos_uri`, `policy_uri` : Informative URLs pointing to Terms of Service and Service Policy