lico icon indicating copy to clipboard operation
lico copied to clipboard
verified publisher icon libregraph

URI in RedirectURI isn't accepted

Open AliveDevil opened this issue 1 year ago • 0 comments

When configuring the OAuth component with a redirect URI, instead of a redirect URL, the authentication fails with invalid or missing redirect_uri, which in the context of a redirect URI - instead of a redirect URL - is wrong.

As the name suggests, one can use redirect URIs (i.e. protocol:action), which is just as valid as a redirect URL with protocol://authority.

Been redirected here from ownCloud/ocis, as it is used in the Embedded Identity Provider there. Checking https://github.com/libregraph/lico/blob/master/oidc/payload/authentication.go#L335-L337, leads to the main culprit: As a URL is a URI, you only need to check for RedirectURI and Protocol being set. The host-component is part of a URL, which not every URI has. When enforcing redirect URIs to be URLs all other forms of URIs are excluded (i.e. urn:, x-custom-protocol:action, etc.).

Also: owncloud/ocis#10159

AliveDevil avatar Oct 02 '24 13:10 AliveDevil