From 1b504c17675acddd06f151bc87547e402e9a0086 Mon Sep 17 00:00:00 2001 From: Bob Mulder Date: Thu, 19 May 2016 11:08:18 +0200 Subject: [PATCH 1/2] Update auth-server-auth-code.md Guess this is not the Authorization Server ;) Didn't know how to call it so I named it to 'client callback'. --- auth-server-auth-code.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-server-auth-code.md b/auth-server-auth-code.md index d43ff55a..5c1944ff 100755 --- a/auth-server-auth-code.md +++ b/auth-server-auth-code.md @@ -24,7 +24,7 @@ All of these parameters will be validated by the authorization server. The user will then be asked to login to the authorization server and approve the client. -If the user approves the client they will be redirected back to the authorization server with the following parameters in the query string: +If the user approves the client they will be redirected back to the client callback with the following parameters in the query string: * `code` with the authorization code * `state` with the state parameter sent in the original request. You should compare this value with the value stored in the user's session to ensure the authorization code obtained is in response to requests made by this client rather than another client application. From 35de4c9a0dbc37773156a45cbf4d6f309e300461 Mon Sep 17 00:00:00 2001 From: Bob Mulder Date: Thu, 19 May 2016 12:10:08 +0200 Subject: [PATCH 2/2] Update auth-server-auth-code.md --- auth-server-auth-code.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-server-auth-code.md b/auth-server-auth-code.md index 5c1944ff..dfaa3c1d 100755 --- a/auth-server-auth-code.md +++ b/auth-server-auth-code.md 
@@ -24,7 +24,7 @@ All of these parameters will be validated by the authorization server. The user will then be asked to login to the authorization server and approve the client. -If the user approves the client they will be redirected back to the client callback with the following parameters in the query string: +If the user approves the client they will be redirected from the authorisation server to the client's redirect URI with the following parameters in the query string:' * `code` with the authorization code * `state` with the state parameter sent in the original request. You should compare this value with the value stored in the user's session to ensure the authorization code obtained is in response to requests made by this client rather than another client application.
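Review bot: in PATCH 1/2 the added line introduces "client callback", a term the surrounding context lines never define, and PATCH 2/2 then rewrites that same line to "the client's redirect URI". Squashing the two commits would keep the interim wording out of the history and leave a single change that names the redirect target once.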
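Review bot: in PATCH 2/2 the added line ends with a stray apostrophe after the colon (`query string:'`), which will render as literal text just before the bullet list. The same line spells "authorisation server" while the unchanged context lines use "authorization server" and "authorization code", so drop the trailing `'` and use the "authorization" spelling for consistency with the rest of the file.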