Allow sdk redirect url based on schema authgear#3813

IniZio · Feb 23, 2024 · 1e671f9 · 1e671f9
1 parent ab8fa9d
commit 1e671f9
Showing 1 changed file with 27 additions and 6 deletions.
diff --git a/pkg/auth/webapp/redirect.go b/pkg/auth/webapp/redirect.go
@@ -2,13 +2,14 @@ package webapp
 
 import (
 	"net/http"
+	"net/url"
 
 	"github.com/authgear/authgear-server/pkg/lib/config"
 	"github.com/authgear/authgear-server/pkg/util/httputil"
 )
 
-var reservedRedirectURIs = []string{
-	"authgearsdk://host/path", // For Authgear SDK only, used for closing the webview
+var reservedRedirectURIShemas = []string{
+	"authgearsdk", // For Authgear SDK only, currently used for closing the webview
 }
 
 func GetRedirectURI(r *http.Request, trustProxy bool, defaultURI string) string {
@@ -36,8 +37,17 @@ func DeriveSettingsRedirectURIFromRequest(r *http.Request, defaultURI string) st
 		redirectURI := r.URL.Query().Get("redirect_uri")
 		allowed := false
 
-		for _, u := range reservedRedirectURIs {
-			if u == redirectURI {
+		parsedRedirectURI, err := url.Parse(redirectURI)
+		if err != nil {
+			return ""
+		}
+
+		for _, schema := range reservedRedirectURIShemas {
+			if err != nil {
+				panic(err)
+			}
+
+			if parsedRedirectURI.Scheme == schema {
 				allowed = true
 				break
 			}
@@ -80,10 +90,21 @@ func DerivePostLoginRedirectURIFromRequest(r *http.Request, clientResolver OAuth
 			return ""
 		}
 
-		allowedURIs := client.RedirectURIs
+		parsedRedirectURI, err := url.Parse(redirectURI)
+		if err != nil {
+			return ""
+		}
+
 		allowed := false
 
-		for _, u := range append(reservedRedirectURIs, allowedURIs...) {
+		for _, shema := range reservedRedirectURIShemas {
+			if parsedRedirectURI.Scheme == shema {
+				allowed = true
+				break
+			}
+		}
+
+		for _, u := range client.RedirectURIs {
 			if u == redirectURI {
 				allowed = true
 				break