You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When configuring the OAuth component with a redirect URI, instead of a redirect URL, the authentication fails with invalid or missing redirect_uri, which in the context of a redirect URI - instead of a redirect URL - is wrong.
As the name suggests, one can use redirect URIs (i.e. protocol:action), which is just as valid as a redirect URL with protocol://authority.
Been redirected here from ownCloud/ocis, as it is used in the Embedded Identity Provider there.
Checking https://github.com/libregraph/lico/blob/master/oidc/payload/authentication.go#L335-L337, leads to the main culprit: As a URL is a URI, you only need to check for RedirectURI and Protocol being set. The host-component is part of a URL, which not every URI has.
When enforcing redirect URIs to be URLs all other forms of URIs are excluded (i.e. urn:, x-custom-protocol:action, etc.).
When configuring the OAuth component with a redirect URI, instead of a redirect URL, the authentication fails with
invalid or missing redirect_uri, which in the context of a redirect URI - instead of a redirect URL - is wrong.As the name suggests, one can use redirect URIs (i.e.
protocol:action), which is just as valid as a redirect URL withprotocol://authority.Been redirected here from ownCloud/ocis, as it is used in the Embedded Identity Provider there.
Checking https://github.com/libregraph/lico/blob/master/oidc/payload/authentication.go#L335-L337, leads to the main culprit: As a URL is a URI, you only need to check for RedirectURI and Protocol being set. The host-component is part of a URL, which not every URI has.
When enforcing redirect URIs to be URLs all other forms of URIs are excluded (i.e.
urn:,x-custom-protocol:action, etc.).Also: owncloud/ocis#10159
The text was updated successfully, but these errors were encountered: