What's the difference between a Redirect URL and a callback URI in OpenID Connect OAuth?


The official term is "Redirection Endpoint", see: https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2:

3.1.2. Redirection Endpoint

After completing its interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client. The authorization server redirects the user-agent to the client's redirection endpoint previously established with the authorization server during the client registration process or when making the authorization request.

The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters. The endpoint URI MUST NOT include a fragment component.

but other terms like "Redirection URI", "Redirection URL", "Redirect URI", "Redirect URL", "Callback URL" and "Callback URI" etc. are all used interchangeably, some because in protocol fields the term gets shortened to things like redirect_uri, others because of inherited legacy terminology from similar protocols that pre-date OAuth 2.0.
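The rules in the quoted section (absolute URI, existing query retained, no fragment) can be checked mechanically. The following is an added example, not part of the original answer: the function names and sample URIs are constructed for illustration, and the `code` and `state` parameters are the ones an authorization server appends in the authorization code flow.

```python
import re
from urllib.parse import urlencode

# RFC 3986 scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) then ":"
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


def check_redirection_endpoint(uri):
    """Return the violations of the quoted RFC 6749 section 3.1.2 rules."""
    problems = []
    if not _SCHEME.match(uri):
        problems.append("not an absolute URI (no scheme)")
    if "#" in uri:
        problems.append("contains a fragment component")
    return problems


def build_authorization_redirect(registered_uri, response_params):
    """Append response parameters, keeping the registered query byte-for-byte."""
    problems = check_redirection_endpoint(registered_uri)
    if problems:
        raise ValueError("; ".join(problems))
    # No fragment is present at this point, so splitting on the first "?" is safe.
    base, _, query = registered_uri.partition("?")
    added = urlencode(response_params)
    return base + "?" + (query + "&" if query else "") + added


# Constructed sample values, not taken from the page.
SAMPLES = [
    "https://client.example/cb",
    "https://client.example/cb?tenant=acme",  # existing query must survive
    "com.example.app:/oauth2redirect",        # custom scheme, as Android apps use
    "/cb",                                    # relative reference
    "https://client.example/cb#frag",         # fragment is forbidden
]

if __name__ == "__main__":
    for uri in SAMPLES:
        problems = check_redirection_endpoint(uri)
        if problems:
            print("REJECT", uri, "->", ", ".join(problems))
        else:
            params = {"code": "SAMPLE_CODE", "state": "xyz"}
            print("OK    ", build_authorization_redirect(uri, params))
```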


Author: gameOne

Updated on June 04, 2022

Comments

  • gameOne
    gameOne almost 2 years

    I was trying to learn how to implement OpenID Connect in one of my Android apps. I came across two terms, redirect URL and callback URI, and I'm not able to distinguish between the two. What exactly is the difference?