barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-05-14 16:20:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: oidc open redirect (#854)

Browse Source
This commit is contained in:
Dreddy
2026-05-13 10:34:39 -04:00
committed by GitHub
parent a9eac7edd2
commit f9fff24ca5
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/service/oidc_service.go
+5 -5
View File
@@ -297,6 +297,11 @@ func (service *OIDCService) ValidateAuthorizeParams(req AuthorizeRequest) error
return errors.New("access_denied") return errors.New("access_denied")
} }
// Redirect URI to verify that it's trusted
if !slices.Contains(client.TrustedRedirectURIs, req.RedirectURI) {
return errors.New("invalid_request_uri")
}
// Scopes // Scopes
scopes := strings.Split(req.Scope, " ") scopes := strings.Split(req.Scope, " ")
@@ -318,11 +323,6 @@ func (service *OIDCService) ValidateAuthorizeParams(req AuthorizeRequest) error
return errors.New("unsupported_response_type") return errors.New("unsupported_response_type")
} }
// Redirect URI
if !slices.Contains(client.TrustedRedirectURIs, req.RedirectURI) {
return errors.New("invalid_request_uri")
}
// PKCE code challenge method if set // PKCE code challenge method if set
if req.CodeChallenge != "" && req.CodeChallengeMethod != "" { if req.CodeChallenge != "" && req.CodeChallengeMethod != "" {
if req.CodeChallengeMethod != "S256" && req.CodeChallengeMethod != "plain" { if req.CodeChallengeMethod != "S256" && req.CodeChallengeMethod != "plain" {