Is there a limit to number of redirect URIs that you can register with OAuth2 provider?

Time: 09-20

As the title of the question says, is there a limit to the number of callback/redirect URIs that you can register with an OAuth2 identity provider (IdP) like Okta, Google, etc.?

I need to know this limit because I am building a suite of web applications deployed on separate subdomains that need to share the same session. My thought is to share the same client id and client secret across all these apps so that the access_token and refresh_token can be reused.

CodePudding user response:

The specification does not limit this. A client can have as many redirect URIs as it wishes. Concrete authorization servers might have their own limits, so you would have to check with each vendor separately to verify how many redirect URIs they allow.

Maybe a better solution would be to have one app that is responsible for obtaining the tokens and then it could establish a session with all the different applications. I think having one backend responsible for handling a session is better than relying on the lifespan of an access token. In fact, access tokens are not meant as a session-carrying mechanism. They are not related to user sessions, and you should rely on other tools for that. You can still use Google to verify the identity of a user, but you should handle the session separately.
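To make concrete what registering several redirect URIs for one client means on the authorization-server side, here is an added example (not code from the question or the answer above) of the exact-match redirect_uri check and the code-to-redirect_uri binding an authorization server performs for a client shared by several subdomain apps. The client id, callback URIs and in-memory stores are constructed for illustration.

```python
"""Authorization-server side redirect_uri handling (constructed example)."""
import secrets

# Constructed registration: one OAuth2 client shared by apps on several
# subdomains, each subdomain with its own exact callback URI.
REGISTERED_REDIRECT_URIS = {
    "suite-client-id": frozenset({
        "https://app1.example.com/oauth/callback",
        "https://app2.example.com/oauth/callback",
        "https://admin.example.com/oauth/callback",
    }),
}

# Authorization codes that have been issued, each bound to the client_id and
# the redirect_uri that were used at the /authorize step.
_issued_codes = {}


def resolve_redirect_uri(client_id, requested):
    """Return the redirect_uri to use for an /authorize request, or None to refuse.

    Comparison is an exact string match (RFC 6749 section 3.1.2.3): no prefix,
    wildcard or "same parent domain" matching, so a different path, query,
    port or scheme, or a trailing slash, is rejected. When more than one URI
    is registered the request must name one; with exactly one registered,
    omitting the parameter is allowed and the registered value is used.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    if not registered:
        return None
    if requested is None:
        return next(iter(registered)) if len(registered) == 1 else None
    return requested if requested in registered else None


def issue_code(client_id, requested_redirect_uri):
    """/authorize step: validate redirect_uri, then mint a code bound to it."""
    redirect_uri = resolve_redirect_uri(client_id, requested_redirect_uri)
    if redirect_uri is None:
        # Never redirect the browser to an unregistered URI; render an error instead.
        return None
    code = secrets.token_urlsafe(32)
    _issued_codes[code] = (client_id, redirect_uri)
    return code


def exchange_code(client_id, code, redirect_uri):
    """/token step: the code is single-use and valid only with the same
    client_id and redirect_uri it was issued for (RFC 6749 section 4.1.3)."""
    bound = _issued_codes.pop(code, None)
    return bound is not None and bound == (client_id, redirect_uri)
```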
