Remove x_settings_redirect_uri_origins setting authgear#3813
IniZio authored and louischan-oursky committed Mar 6, 2024
1 parent 45f7813 commit 908fc99
Showing 3 changed files with 1 addition and 43 deletions.
10 changes: 0 additions & 10 deletions pkg/auth/webapp/redirect.go
Expand Up @@ -5,7 +5,6 @@ import (

"github.com/authgear/authgear-server/pkg/lib/config"
"github.com/authgear/authgear-server/pkg/util/httputil"
"github.com/iawaknahc/originmatcher"
)

func GetRedirectURI(r *http.Request, trustProxy bool, defaultURI string) string {
Expand Down Expand Up @@ -36,15 +35,6 @@ func DeriveSettingsRedirectURIFromRequest(r *http.Request, clientResolver OAuthC
}

allowed := true
matcher, err := originmatcher.New(client.SettingsRedirectURIOrigins)
if err != nil {
return ""
}

if matcher.MatchOrigin(redirectURI) {
allowed = true
}

// 1. Redirect URL in query param (must be whitelisted)
if allowed && redirectURI != "" {
return redirectURI
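Review bot: With the matcher block gone, `allowed` is set to `true` and never reassigned, so the guard `if allowed && redirectURI != ""` and the comment `// 1. Redirect URL in query param (must be whitelisted)` no longer describe what the code does — within this hunk the redirect URI taken from the request is returned unchanged. DeriveSettingsRedirectURIFromRequest starts and ends outside the hunk, so the value may already be checked earlier in the function; if it is not, returning a caller-supplied redirect target without comparing it to the client's registered `redirect_uris` is an open-redirect risk and the check belongs here rather than in a comment. If the validation does happen elsewhere, drop the dead variable and correct the comment so it points at it: `// 1. Redirect URL in query param (validated in <where>)` and `if redirectURI != "" {`.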
5 changes: 0 additions & 5 deletions pkg/lib/config/oauth.go
Expand Up @@ -119,10 +119,6 @@ var _ = Schema.Add("OAuthClientConfig", `
"client_uri": { "type": "string", "format": "uri" },
"client_name": { "type": "string", "minLength": 1 },
"name": { "type": "string" },
"x_settings_redirect_uri_origins": {
"type": "array",
"items": { "type": "string", "format": "http_origin" }
},
"x_application_type": { "type": "string", "enum": ["spa", "traditional_webapp", "native", "confidential", "third_party_app"] },
"x_max_concurrent_session": { "type": "integer", "enum": [0, 1] },
"redirect_uris": {
Expand Down Expand Up @@ -186,7 +182,6 @@ type OAuthClientConfig struct {
Name string `json:"name,omitempty"`
ApplicationType OAuthClientApplicationType `json:"x_application_type,omitempty"`
MaxConcurrentSession int `json:"x_max_concurrent_session,omitempty"`
SettingsRedirectURIOrigins []string `json:"x_settings_redirect_uri_origins,omitempty"`
RedirectURIs []string `json:"redirect_uris,omitempty"`
GrantTypes []string `json:"grant_types,omitempty"`
ResponseTypes []string `json:"response_types,omitempty"`
29 changes: 1 addition & 28 deletions pkg/lib/oauth/handler/resolve.go
Expand Up @@ -9,7 +9,6 @@ import (
"github.com/authgear/authgear-server/pkg/lib/oauth/oauthsession"
"github.com/authgear/authgear-server/pkg/lib/oauth/protocol"
"github.com/authgear/authgear-server/pkg/util/httputil"
"github.com/iawaknahc/originmatcher"
)

type oauthRequest interface {
Expand Down Expand Up @@ -122,7 +121,7 @@ func parseAuthzRedirectURI(
return nil, protocol.NewErrorResponse("invalid_request", "invalid redirect URI")
}

err = validateSettingsRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)
err = validateRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)
if err != nil {
return nil, protocol.NewErrorResponse("invalid_request", err.Error())
}
Expand All @@ -134,29 +133,3 @@ func parseAuthzRedirectURI(

return settingsActionURI, nil
}

func validateSettingsRedirectURI(
client *config.OAuthClientConfig,
httpProto httputil.HTTPProto,
httpOrigin httputil.HTTPOrigin,
domainWhitelist []string,
redirectURI *url.URL,
) error {
redirectURIString := redirectURI.String()

matcher, err := originmatcher.New(client.SettingsRedirectURIOrigins)
if err != nil {
return err
}

if matcher.MatchOrigin(redirectURIString) {
return nil
}

err = validateRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)
if err != nil {
return err
}

return nil
}
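Review bot: The call `err = validateRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)` is now the only gate a settings redirect URI passes through, since the deleted validateSettingsRedirectURI let any URI whose origin matched `x_settings_redirect_uri_origins` skip it, and that tightening deserves a comment at the call site so a later reader does not reintroduce an origin-based exemption: `// Settings redirect URIs get no origin-based exemption; they must satisfy the same validation as any other redirect URI.` Clients that relied on the removed origin list will now receive invalid_request unless their settings URIs satisfy validateRedirectURI, whose rules are not visible here, so this presumably also needs a line in the release notes or configuration docs. parseAuthzRedirectURI starts outside the hunk.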
