Why is redirect_uri required on Access Token request?
Question

I'm developing an OAuth2 provider based on RFC 6749 and I'm wondering, why is redirect_uri required on the Access Token Request? The /token endpoint is not redirecting and the state is assumed to be already validated (i.e. against CSRF) so a copy of the redirectURI doesn't make much sense to me.

Answer 1:

In auth code flow, it's used to validate the redirect_uri in the first auth request.

https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uri-validation/

Granting Access Tokens The token
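One way a provider can implement the check Answer 1 describes, following RFC 6749 section 4.1.3 (an added example, not code from the original post; the function names, the in-memory store and the 60-second code lifetime are assumptions):

```python
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime; RFC 6749 recommends at most 10 minutes
_codes = {}  # code -> binding recorded at the authorization endpoint (in-memory for the example)


class InvalidGrant(Exception):
    """Maps to the OAuth2 "invalid_grant" error response."""


def _now(now):
    return time.time() if now is None else now


def issue_code(client_id, redirect_uri=None, now=None):
    """Authorization endpoint: bind the code to the client and the redirect_uri it sent."""
    code = secrets.token_urlsafe(32)
    _codes[code] = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # None if the authorization request omitted it
        "expires": _now(now) + CODE_TTL_SECONDS,
    }
    return code


def redeem_code(code, client_id, redirect_uri=None, now=None):
    """Token endpoint: run the section 4.1.3 checks before issuing a token."""
    binding = _codes.pop(code, None)  # pop: a code is single-use, even if a check fails
    if binding is None:
        raise InvalidGrant("unknown or already used code")
    if _now(now) > binding["expires"]:
        raise InvalidGrant("code expired")
    if binding["client_id"] != client_id:
        raise InvalidGrant("code was issued to another client")
    bound = binding["redirect_uri"]
    # If the authorization request carried a redirect_uri, the token request must
    # repeat it and the two values must be identical (exact string comparison).
    # A code delivered to a different URI than the client expects fails here.
    if bound is not None and redirect_uri != bound:
        raise InvalidGrant("redirect_uri does not match the authorization request")
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```
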