question

Most OAuth 2.0 provides require the developer to provide the `redirect_uri` parameter when using the implicit grant. It would be nice if I could configure my Alexa Skill to include the `redirect_uri` parameter. For now, I'm trying to hack around it by manually specifying the `redirect_uri` parameter in the Authorization URL parameter. > The authorization server MUST verify that the redirection URI to which it will redirect the access token matches a redirection URI registered by the client... via http://tools.ietf.org/html/rfc6749#section-4.2 It's mandatory for most providers because: > Lack of a redirection URI registration requirement can enable an attacker to use the authorization endpoint as an open redirector... via http://tools.ietf.org/html/rfc6749#section-3.1.2.2