
Leaving Redirect URIs/Origins (RegEx) blank fills in non-regex URI

Open davidus05 opened this issue 3 years ago • 6 comments

Describe the bug

In versions before authentik 2022.7, leaving Redirect URIs/Origins (RegEx) in provider settings blank filled in the URI correctly, using RegEx, which was introduced some versions ago. Starting from authentik 2022.7, the URI is filled with non-regex, which leads to errors: "The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri)"

To Reproduce

Steps to reproduce the behavior:

  1. Log in as admin
  2. Go to Applications -> Providers
  3. Modify an OAuth2/OpenID Provider
  4. Clear "Redirect URIs/Origins (Regex)"
  5. Let authentik fill it again automatically by logging in to the application
  6. You'll see a URI there now, but with non-regex formatting

Expected behavior

The URI should be regex formatted

Version and Deployment (please complete the following information):

  • authentik version: 2022.7.2
  • Deployment: docker-compose

Additional context

Did work in versions before 2022.7

davidus05 avatar Jul 19 '22 11:07 davidus05

Same here

senbax-admin avatar Jul 19 '22 12:07 senbax-admin

Starting with 2022.7, if a redirect URL can't be parsed as regex, it's compared directly as it was in previous versions: https://github.com/goauthentik/authentik/commit/0cad56ec73044d003b0a88997d337d97747d5918

BeryJu avatar Jul 20 '22 07:07 BeryJu

That sounds great, but unfortunately this does not work, because leaving the URI blank and then trying to log in leads to an error: The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri)

davidus05 avatar Jul 20 '22 12:07 davidus05

It'll try to compare with regex, and if the configured redirect_uri is not a valid regex, then it does strict comparison. If it can be interpreted as regex and doesn't match, then you'll get the error.

BeryJu avatar Jul 20 '22 12:07 BeryJu
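The comparison rule described in the comment above, as an added example that is not part of the thread and not authentik's own code. It assumes full-string matching with Python's `re.fullmatch`; the function names and sample URIs are constructed for illustration.

```python
import re

def redirect_uri_allowed(configured: str, requested: str) -> bool:
    """Regex comparison first; strict comparison only when `configured`
    cannot be compiled as a regular expression (assumed behaviour)."""
    try:
        return re.fullmatch(configured, requested) is not None
    except re.error:
        return configured == requested

def audit(configured: str) -> dict:
    """Report how one configured redirect URI behaves under that rule."""
    try:
        re.compile(configured)
        mode = "regex"
    except re.error:
        mode = "strict"
    return {
        "mode": mode,
        # A plain URL that happens to be valid regex may not match itself.
        "matches_itself": redirect_uri_allowed(configured, configured),
        # Escaped form: matches the literal URL and nothing else.
        "escaped": re.escape(configured),
    }

# Constructed sample values, not taken from the issue.
SAMPLES = [
    "https://app.example.com/callback",         # valid regex, matches itself
    "https://app.example.com/callback?next=/",  # valid regex, '?' makes 'k' optional
    "https://app.example.com/cb[",              # invalid regex, strict comparison
]

if __name__ == "__main__":
    for uri in SAMPLES:
        result = audit(uri)
        print(f"{uri!r}: mode={result['mode']} "
              f"matches_itself={result['matches_itself']} "
              f"escaped={result['escaped']!r}")
    # Unescaped dots match any character, so the plain URL is broader
    # than the literal; the escaped form is not.
    lookalike = "https://appXexample.com/callback"
    print(redirect_uri_allowed(SAMPLES[0], lookalike))                    # True
    print(redirect_uri_allowed(audit(SAMPLES[0])["escaped"], lookalike))  # False
```

A stored value with `matches_itself` false fails every login until it is replaced with its escaped form.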

It seems to use strict comparison (because it was not automatically regex-formatted) and the URI should definitely match. But the main issue, the automatic URI "detection", is still there and does not work as it did before.

davidus05 avatar Jul 22 '22 19:07 davidus05

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Sep 20 '22 19:09 stale[bot]