rollupid icon indicating copy to clipboard operation
rollupid copied to clipboard
verified publisher icon proofzero

fix(passport): redirect URL parameter is not checked

Open szkl opened this issue 2 years ago • 0 comments

Description

The redirect_uri parameter of the /authorize endpoint is not matched against the registered redirect URL.

Steps to Reproduce

  1. [First Step]
  2. [Second Step]
  3. [and so on...]

Expected Behavior

The requests to /authorize endpoint fail if the redirect_uri parameter is not an exact match of the registered redirect URL.

Actual Behavior

The redirect_uri parameter is directly used.

szkl avatar Jun 16 '23 20:06 szkl