
Check oauth2 authorization code redirect for exact 'code' query parameter

Open layereight opened this issue 1 year ago • 0 comments

Description

Redirects during OAuth2 authorization code flow are only identified through a rather broad regex match for code in the redirect uri. The authorization process will fail for authorization servers offering a "multi-step" authorization that include intermediate redirects casually containing the keyword code in their uri.

This change checks the redirect for the distinct code query parameter as defined in the RFC.

Contribution Checklist:

  • [x] The pull request only addresses one issue or adds one feature.
  • [x] The pull request does not introduce any breaking changes
  • [ ] I have added screenshots or gifs to help explain the change if applicable.
  • [x] I have read the contribution guidelines.
  • [x] Create an issue and link to the pull request.

Fixes https://github.com/usebruno/bruno/issues/1778

layereight, Mar 12 '24 20:03
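The distinction the pull request draws, as an added example that is not bruno's own code: a substring match on the whole redirect URL fires on intermediate login hops, while parsing the URL and looking for an exact `code` query parameter (the authorization response of RFC 6749 section 4.1.2, with `error` as its failure counterpart in 4.1.2.1) only fires on the real callback. The sample redirect URLs and the code value are constructed for illustration.

```javascript
// Added example (not bruno's own code): tell the final OAuth2 authorization
// response apart from intermediate redirects by checking for an exact `code`
// query parameter instead of a substring match on the whole URL.

// The broad check the issue describes: any URL that contains "code" matches,
// including intermediate login-flow redirects that merely mention the word.
function naiveHasCode(redirectUrl) {
  return /code/.test(redirectUrl);
}

// Exact check: parse the URL and return the non-empty `code` query parameter,
// or null when it is absent, empty, or the input is not a valid absolute URL.
function authorizationCodeFrom(redirectUrl) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch (e) {
    return null;
  }
  return url.searchParams.get('code') || null;
}

// Classify a redirect: 'success' (code present), 'error' (RFC 6749 error
// response), 'intermediate' (keep following the flow), or 'invalid'.
function classifyRedirect(redirectUrl) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch (e) {
    return 'invalid';
  }
  if (url.searchParams.get('code')) return 'success';
  if (url.searchParams.get('error')) return 'error';
  return 'intermediate';
}

// Constructed sample redirects from a hypothetical multi-step identity provider.
const SAMPLE_REDIRECTS = [
  'https://idp.example.test/login?flow=code-method-select',   // intermediate
  'https://idp.example.test/mfa/enter-code?session=abc123',   // intermediate
  'https://app.example.test/callback?state=xyz&code=CONSTRUCTED-CODE-1', // final
];

// Compare both checks over the sample flow.
function compareChecks(urls) {
  return urls.map((u) => ({
    url: u,
    naive: naiveHasCode(u),
    exact: authorizationCodeFrom(u) !== null,
  }));
}
```

The naive check reports all three sample redirects as the callback, so a client would stop at the first login hop; the exact check only reports the last one.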