Add comment for ContainsRedirectURI about the exact match (#30457)
Close #26897 Replace #30336 (cherry picked from commit 92e27e15c38b95be2309dae316b896ee1d80324b)
This commit is contained in:
parent
86736193fe
commit
27977851fb
1 changed files with 5 additions and 0 deletions
|
@ -144,6 +144,11 @@ func (app *OAuth2Application) TableName() string {
|
||||||
|
|
||||||
// ContainsRedirectURI checks if redirectURI is allowed for app
|
// ContainsRedirectURI checks if redirectURI is allowed for app
|
||||||
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
|
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
|
||||||
|
// OAuth2 requires the redirect URI to be an exact match, no dynamic parts are allowed.
|
||||||
|
// https://stackoverflow.com/questions/55524480/should-dynamic-query-parameters-be-present-in-the-redirection-uri-for-an-oauth2
|
||||||
|
// https://www.rfc-editor.org/rfc/rfc6819#section-5.2.3.3
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||||
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-12#section-3.1
|
||||||
contains := func(s string) bool {
|
contains := func(s string) bool {
|
||||||
s = strings.TrimSuffix(strings.ToLower(s), "/")
|
s = strings.TrimSuffix(strings.ToLower(s), "/")
|
||||||
for _, u := range app.RedirectURIs {
|
for _, u := range app.RedirectURIs {
|
||||||
|
|
Loading…
Reference in a new issue