Merge pull request #199 from oauth-wg/uri_matching

added port number exception to uri matching rules
oauth-wg · Dec 19, 2024 · 3830b8e · 3830b8e
2 parents 5ecaa18 + c133b62
commit 3830b8e
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md
@@ -1678,6 +1678,8 @@ in the request if present, ensuring that it matches one of the registered
 redirect URIs previously established during client registration ({{client-registration}}).
 When comparing the two URIs the authorization server MUST ensure that the
 two URIs are equal, see {{RFC3986}}, Section 6.2.1, Simple String Comparison, for details.
+The only exception is native apps using a localhost URI: In this case, the authorization server
+MUST allow variable port numbers as described in [RFC8252], Section 7.3.
 
 If the request is valid,
 the authorization server authenticates the resource owner and obtains