Allow sdk redirect url based on schema authgear#3813

IniZio · Feb 23, 2024 · aa81537 · aa81537
1 parent ab8fa9d
commit aa81537
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 13 deletions.
diff --git a/pkg/auth/webapp/redirect.go b/pkg/auth/webapp/redirect.go
@@ -2,13 +2,14 @@ package webapp
 
 import (
 	"net/http"
+	"net/url"
 
 	"github.com/authgear/authgear-server/pkg/lib/config"
 	"github.com/authgear/authgear-server/pkg/util/httputil"
 )
 
-var reservedRedirectURIs = []string{
-	"authgearsdk://host/path", // For Authgear SDK only, used for closing the webview
+var reservedRedirectURIShemas = []string{
+	"authgearsdk", // For Authgear SDK only, currently used for closing the webview
 }
 
 func GetRedirectURI(r *http.Request, trustProxy bool, defaultURI string) string {
@@ -36,8 +37,13 @@ func DeriveSettingsRedirectURIFromRequest(r *http.Request, defaultURI string) st
 		redirectURI := r.URL.Query().Get("redirect_uri")
 		allowed := false
 
-		for _, u := range reservedRedirectURIs {
-			if u == redirectURI {
+		parsedRedirectURI, err := url.Parse(redirectURI)
+		if err != nil {
+			return ""
+		}
+
+		for _, schema := range reservedRedirectURIShemas {
+			if parsedRedirectURI.Scheme == schema {
 				allowed = true
 				break
 			}
@@ -80,10 +86,21 @@ func DerivePostLoginRedirectURIFromRequest(r *http.Request, clientResolver OAuth
 			return ""
 		}
 
-		allowedURIs := client.RedirectURIs
+		parsedRedirectURI, err := url.Parse(redirectURI)
+		if err != nil {
+			return ""
+		}
+
 		allowed := false
 
-		for _, u := range append(reservedRedirectURIs, allowedURIs...) {
+		for _, shema := range reservedRedirectURIShemas {
+			if parsedRedirectURI.Scheme == shema {
+				allowed = true
+				break
+			}
+		}
+
+		for _, u := range client.RedirectURIs {
 			if u == redirectURI {
 				allowed = true
 				break

diff --git a/resources/authgear/templates/en/web/settings_close.html b/resources/authgear/templates/en/web/settings_close.html
@@ -7,13 +7,6 @@ <h1 class="primary-txt m-0 text-center text-xl font-bold">{{ template "settings-
 
 <p class="text-sm break-words primary-txt m-0 text-center">{{ template "settings-close-page-description" }}</p>
 
-<button
-  id="return-button"
-  class="hidden"
-  type="button"
-  data-action="click->original-referrer#returnToReferrer"
-></button>
-
 {{ template "__watermark.html" . }}
 </div>