
Change in XSUAA: No Implicit Wildcards in Redirect URIs Supported Anymore

The behavior of the redirect URIs changes in the Cloud Foundry environment of SAP Cloud Platform. This is an incompatible change in XSUAA. You cannot use implicit wildcards anymore.

GENERAL RECOMMENDATION

We highly recommend that you avoid wildcards wherever possible.

In Authorization and Trust Management, you can configure redirect URIs in the OAuth configuration of the application security descriptor file (xs-security.json) of your applications. With this change, you can only use explicit wildcards in redirect-uris.

NOTE

You are only affected if you are using custom domains or redirect-uris in the OAuth configuration of your application security descriptor file (xs-security.json).

SUPPORTED: Explicit Wildcards

Defined Redirect URI in the application security descriptor file: http://application.cfapps.sap.hana.ondemand.com

  • Matches ONLY with http://application.cfapps.sap.hana.ondemand.com
  • Domain relaxing must be added explicitly.
    • Example: http://*.application.cfapps.sap.hana.ondemand.com
  • Arbitrary path matching must be added explicitly.
    • Example: http://application.cfapps.sap.hana.ondemand.com/**

For more information, see SAP Help Portal: Application Security Descriptor Configuration Syntax.
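
The following pre-deployment check is an added example, not SAP code. It reports which redirect-uris entries of a descriptor cover each callback URL your application uses. The matcher is a simplified model of the rules above and not XSUAA's implementation: it assumes `*` never crosses a `/` and `**` matches any characters. The sample descriptor, tenant host and callback path are constructed.

```python
import json
import re

# Constructed sample descriptor. The host comes from the article;
# the tenant subdomain and callback path used below are made up.
XS_SECURITY = json.loads("""
{
  "xsappname": "application",
  "oauth2-configuration": {
    "redirect-uris": [
      "http://application.cfapps.sap.hana.ondemand.com",
      "http://*.application.cfapps.sap.hana.ondemand.com",
      "http://application.cfapps.sap.hana.ondemand.com/**"
    ]
  }
}
""")

def pattern_to_regex(pattern):
    """Simplified model (assumption, not XSUAA's matcher): '**' spans any
    characters, '*' spans characters other than '/', all else is literal."""
    out = []
    for part in re.split(r"(\*\*|\*)", pattern):
        if part == "**":
            out.append(".*")
        elif part == "*":
            out.append("[^/]*")
        else:
            out.append(re.escape(part))
    return re.compile("".join(out))

def audit(descriptor, callbacks):
    """Map each callback URL to the configured patterns that cover it."""
    patterns = descriptor["oauth2-configuration"]["redirect-uris"]
    return {url: [p for p in patterns if pattern_to_regex(p).fullmatch(url)]
            for url in callbacks}

if __name__ == "__main__":
    base = "http://application.cfapps.sap.hana.ondemand.com"
    callbacks = [base, base + "/login/callback",
                 "http://tenant1.application.cfapps.sap.hana.ondemand.com"]
    for url, hits in audit(XS_SECURITY, callbacks).items():
        print(("OK     " if hits else "NO MATCH"), url, hits)
```

A callback reported as NO MATCH needs its own exact entry or an explicit wildcard in redirect-uris. An exact entry is preferable, in line with the general recommendation above.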
