Will your redirect_uri actually match?

Paste an authorize request URL (or just a bare redirect_uri) and, optionally, the patterns registered with your authorization server. redirectcheck statically diffs them char-by-char and checks for fragments, wildcard registrations, open-redirect shapes, embedded credentials, missing state, and the deprecated implicit flow — against RFC 6749 and the OAuth Security BCP (RFC 9700). No network calls; nothing is stored unless you save a report.

Load example:

Runs as pure static analysis in your browser. These are URLs, not secrets — but the report's subject line is always just the redirect_uri's origin + path; query values are never echoed.