To ensure that applications that are created through dynamic client registration by
external parties comply with the private-use URI scheme requirement, you must configure a
request transformation rule.
About this task
Section 7.1 of RFC 8252 (https://datatracker.ietf.org/doc/html/rfc8252#section-7.1) states:
"When choosing a URI scheme to associate with the app, apps MUST use a URI scheme based on a
domain name under their control, expressed in reverse order, as recommended by Section 3.8 of
[RFC7595] for private-use URI schemes."
To ensure that applications that are created through dynamic client registration by external
parties comply with this requirement, you must configure a request transformation rule.
Procedure
- Select .
- Select Dynamic client registration.
- Copy and paste the following text into the request transformation rule.
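statements:
  # Extract the scheme (the text before the first ":") of each redirect URI.
  - context: scl := requestContext.metadata.redirect_uris.map(ru, ru.substring(0, ru.indexOf(":")))
  # Keep only the schemes that are neither a listed standard scheme nor contain a ".".
  - context: chk := context.scl.filter(sc, (sc.matches("^(http|https|smtp|mailto|ftp)$") || sc.indexOf(".") > -1) == false)
  # Any scheme left in chk means that the request is non-compliant.
  - context: err := context.chk.size() > 0
  # The nesting of "else" beside "match" and "block" is assumed here.
  - if:
      match: context.err
      block:
        - return: requestContext.metadata.remove("redirect_uris")
      else:
        - return: requestContext.metadata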
- Select Save changes.
This request transformation rule validates each redirect URI to ensure that it conforms to the
requirements. If any redirect URI is invalid, the rule removes redirect_uris from the request
metadata to force an error. The party that is performing the dynamic client registration must
then send a new request with appropriate values for redirect_uris.
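The rule's logic can be modelled offline to see which redirect URIs it rejects before it is deployed. The following Python sketch is an added example, not part of the product or of the original page; the function names and sample URIs are constructed, and its handling of a URI with no colon or a request with no redirect_uris is an assumption.

```python
import re

# Standard schemes the page's rule accepts without requiring a dot.
ALLOWED = re.compile(r"(http|https|smtp|mailto|ftp)")


def scheme_of(redirect_uri):
    """Mirror ru.substring(0, ru.indexOf(":")); None when there is no colon."""
    idx = redirect_uri.find(":")
    return redirect_uri[:idx] if idx > -1 else None


def non_compliant(redirect_uris):
    """Mirror context.chk: entries whose scheme is neither listed nor dotted."""
    bad = []
    for ru in redirect_uris:
        sc = scheme_of(ru)
        # Assumption of this sketch: a URI with no colon is non-compliant.
        if sc is None or not (ALLOWED.fullmatch(sc) or "." in sc):
            bad.append(ru)
    return bad


def transform(metadata):
    """Mirror the if/else: drop redirect_uris when any entry fails the check."""
    # Assumption: a request without redirect_uris is passed through unchanged.
    if non_compliant(metadata.get("redirect_uris", [])):
        return {k: v for k, v in metadata.items() if k != "redirect_uris"}
    return metadata


# Constructed sample redirect URIs (not from the page).
SAMPLES = [
    "com.example.app:/oauth2redirect",   # reverse-domain private-use scheme
    "https://app.example.com/callback",  # listed standard scheme
    "myapp://callback",                  # private-use scheme with no dot
    "HTTPS://app.example.com/callback",  # the rule's regex is case-sensitive
    "urn:ietf:wg:oauth:2.0:oob",         # "urn" is not in the listed set
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:36} {'rejected' if non_compliant([uri]) else 'ok'}")
    request = {"client_name": "demo", "redirect_uris": SAMPLES}
    print(transform(request))  # redirect_uris removed: one bad entry is enough
```

The check is purely syntactic: any scheme that contains a dot passes, so the rule enforces the reverse-domain form but cannot confirm that the registrant controls the domain.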