What is the purpose of redirect_uri parameter when exchanging code for access token

2k views Asked by At

I am reading the Google's documentation about OpenId Connect https://developers.google.com/accounts/docs/OAuth2Login

What I don't get is the purpose of the redirect_uri parameter during "4. Exchange code for access token and ID token".

The access token is returned in the response to HTTP Post request itself so I don't get the purpose of redirect_uri.

Can somebody explain?

1

There are 1 answers

1
OhadR On BEST ANSWER

In the oAuth spec "Access Token Request" it is mentioned that the redirect-uri is required if the "redirect_uri" parameter was included in the authorization request. In this case, the oauth-src checks that the uri's are identical.