OIDC relying parties using authorization code flow or implicit grant flow, pass a redirect_uri parameter to the OpenID Connect Provider. For security reasons, the OpenID Connect provider must white list the redirect_uri value(s) for the RP in the configuration.

This article describes how to properly white list the redirect_uri value when:

• PhenixID Authentication Services (PAS) is setup as an OpenID Provider
• The relying party connected to PAS use a redirect_uri value containing a query string (for example: https://myrp.com/callback/?query=x&id=abc)

• PhenixID Authentication Services version 4.0 or higher
• PhenixID Authentication Services configured with a OIDC Relying party

• Remove the query string part (including the question mark) from the url value. For example: https://myrp.com/callback/?query=x&id=abc - > https://myrp.com/callback/

• Login to Configuration Manager
• Select Scenarios->OIDC->Relying Party->YOUR_RP
• Click +Add below Allowed redirect:uri:s
• Add the url string from the previous step

• Click Save