{"_id":"55ccedf7fc82cd23002439a9","project":"545137a814af501a00b50cf9","tags":[],"__v":0,"initVersion":{"_id":"545137a814af501a00b50cfc","version":"1.0"},"user":{"_id":"5433099f9a2b451a00ad4531","username":"","name":"Ryan Braastad"},"createdAt":"2015-08-13T19:20:23.620Z","changelog":[],"body":"Yammer is committed to improving the security of third party integrations. Effective August 25, 2015, we will be making a change to the way we handle redirect URI's for Yammer authentication (otherwise known as Sign in with Yammer).\n\nYammer is going to start performing full match on both the domain name and path against the registered redirect URI for any given client application and the developer provided redirect URI that is provided during the app authorization request. Currently, the redirect URI provided in the request is only checked against the domain name defined in the app's redirect URI attribute.\n\nIf you are the owner of a third party application with a redirect URI that does not match the redirect​ URI entered into the app's configuration settings, please take a few minutes to make the following simple update to your app registration settings:\n\nStep 1: Go to App Registration Settings. \nStep 2: Select an app that appears there and navigate to the Basic Info page. \nStep 3: Update the Redirect URI field to define exact URL of the Redirect URI. \nStep 4: Repeat for all other apps that appear on your app registration settings page.\n\nBelow is a list of showing how the registered redirect URI will be compared against the redirect URI provided in the browser address bar:\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"REGISTERED REDIRECT URI\",\n    \"h-1\": \"REDIRECT_URI PARAMETER PASSED TO AUTHORIZE\",\n    \"h-2\": \"VALID?\",\n    \"0-0\": \"http://yourcallback.com/\",\n    \"1-0\": \"http://yourcallback.com/\",\n    \"2-0\": \"http://yourcallback.com/?this=that\",\n    \"0-1\": \"http://yourcallback.com/\",\n    \"0-2\": \"YES\",\n    \"1-2\": \"YES\",\n    \"2-2\": \"YES\",\n    \"3-2\": \"YES\",\n    \"4-2\": \"NO\",\n    \"6-2\": \"NO\",\n    \"5-2\": \"YES\",\n    \"7-2\": \"\",\n    \"1-1\": \"http://yourcallback.com/?this=that\",\n    \"2-1\": \"http://yourcallback.com/\",\n    \"3-0\": \"http://yourcallback.com/?this=that\",\n    \"3-1\": \"http://yourcallback.com/?this=that&another=true\",\n    \"4-0\": \"http://yourcallback.com/callback\",\n    \"4-1\": \"http://yourcallback.com/\",\n    \"5-0\": \"http://yourcallback.com/callback\",\n    \"5-1\": \"http://yourcallback.com/callback?type=mobile\",\n    \"6-0\": \"http://yourcallback.com/\",\n    \"6-1\": \"http://yourcallback.com/callback\"\n  },\n  \"cols\": 3,\n  \"rows\": 7\n}\n[/block]\nThese changes will be effective on **August 25, 2015**. We’ll stop redirecting users to the passed redirect URI if it doesn’t exactly match the app’s redirect URI field.\n\n\nThanks for helping keeping Yammer apps safe for our users.\n\nThank you!\n[block:api-header]\n{\n  \"type\": \"basic\"\n}\n[/block]\nBy The Yammer Platform Team. Posted on August 13, 2015","slug":"action-required-please-make-this-simple-update-prior-to-august-25-2015","title":"Action Required: Please Make This Simple Update Prior to August 25, 2015"}

Action Required: Please Make This Simple Update Prior to August 25, 2015


Yammer is committed to improving the security of third party integrations. Effective August 25, 2015, we will be making a change to the way we handle redirect URI's for Yammer authentication (otherwise known as Sign in with Yammer). Yammer is going to start performing full match on both the domain name and path against the registered redirect URI for any given client application and the developer provided redirect URI that is provided during the app authorization request. Currently, the redirect URI provided in the request is only checked against the domain name defined in the app's redirect URI attribute. If you are the owner of a third party application with a redirect URI that does not match the redirect​ URI entered into the app's configuration settings, please take a few minutes to make the following simple update to your app registration settings: Step 1: Go to App Registration Settings. Step 2: Select an app that appears there and navigate to the Basic Info page. Step 3: Update the Redirect URI field to define exact URL of the Redirect URI. Step 4: Repeat for all other apps that appear on your app registration settings page. Below is a list of showing how the registered redirect URI will be compared against the redirect URI provided in the browser address bar: [block:parameters] { "data": { "h-0": "REGISTERED REDIRECT URI", "h-1": "REDIRECT_URI PARAMETER PASSED TO AUTHORIZE", "h-2": "VALID?", "0-0": "http://yourcallback.com/", "1-0": "http://yourcallback.com/", "2-0": "http://yourcallback.com/?this=that", "0-1": "http://yourcallback.com/", "0-2": "YES", "1-2": "YES", "2-2": "YES", "3-2": "YES", "4-2": "NO", "6-2": "NO", "5-2": "YES", "7-2": "", "1-1": "http://yourcallback.com/?this=that", "2-1": "http://yourcallback.com/", "3-0": "http://yourcallback.com/?this=that", "3-1": "http://yourcallback.com/?this=that&another=true", "4-0": "http://yourcallback.com/callback", "4-1": "http://yourcallback.com/", "5-0": "http://yourcallback.com/callback", "5-1": "http://yourcallback.com/callback?type=mobile", "6-0": "http://yourcallback.com/", "6-1": "http://yourcallback.com/callback" }, "cols": 3, "rows": 7 } [/block] These changes will be effective on **August 25, 2015**. We’ll stop redirecting users to the passed redirect URI if it doesn’t exactly match the app’s redirect URI field. Thanks for helping keeping Yammer apps safe for our users. Thank you! [block:api-header] { "type": "basic" } [/block] By The Yammer Platform Team. Posted on August 13, 2015