# HG changeset patch
# User Kim Alvefur
# Date 1684277750 -7200
# Node ID c0d62c1b4424d5b314386e50216864839c9c083b
# Parent 260a859be86add2de3fcca661df264818c793220
mod_http_oauth2: Add FIXME about loopback redirect URIs I assume you can't possibly pre-register every port
diff -r 260a859be86a -r c0d62c1b4424 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Wed May 17 00:09:37 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Wed May 17 00:55:50 2023 +0200
@@ -251,6 +251,11 @@
 return redirect_uri
 end
 end
+ -- FIXME The authorization server MUST allow any port to be specified at the
+ -- time of the request for loopback IP redirect URIs, to accommodate clients
+ -- that obtain an available ephemeral port from the operating system at the
+ -- time of the request.
+ -- https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-08.html#section-8.4.2
 end
 
 local grant_type_handlers = {};
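Review bot: The added FIXME records that any port must be accepted, but not how narrow that exception has to stay, and this comment sits at the end of what appears to be the redirect URI allow-list check. The quoted requirement is scoped to loopback IP redirect URIs, so a future implementation should ignore the port only when the registered URI's host is a loopback IP literal. Scheme, host and path should still have to match the registered value exactly, and other hosts should stay on the exact-match path. I would extend the comment with a line such as `-- Only the port may differ, and only for 127.0.0.1 / [::1]; scheme, host and path must still match the registered URI exactly.` The enclosing function starts outside the hunk, so how it compares URIs before this point is not visible here.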