Will your redirect_uri actually match?
Paste an authorize request URL (or just a bare redirect_uri) and, optionally, the
patterns registered with your authorization server. redirectcheck statically diffs them
char-by-char and checks for fragments, wildcard registrations, open-redirect shapes, embedded
credentials, missing state, and the deprecated implicit flow — against RFC 6749 and
the OAuth Security BCP (RFC 9700). No network calls; nothing is stored unless you save a report.
Load example:
Runs as pure static analysis in your browser. These are URLs, not secrets — but the report's subject line is always just the redirect_uri's origin + path; query values are never echoed.