From 84afb58cb9f97532d04e49d4d008e38a01505593 Mon Sep 17 00:00:00 2001
From: Newman Chow
Date: Tue, 27 Feb 2024 18:39:01 +0800
Subject: [PATCH] Remove x_settings_redirect_uri_origins setting #3813
---
 pkg/lib/config/oauth.go | 5 -----
 pkg/lib/oauth/handler/resolve.go | 29 +----------------------------
 2 files changed, 1 insertion(+), 33 deletions(-)
diff --git a/pkg/lib/config/oauth.go b/pkg/lib/config/oauth.go
index c5b62220ef0..a94abafe92d 100644
--- a/pkg/lib/config/oauth.go
+++ b/pkg/lib/config/oauth.go
@@ -119,10 +119,6 @@ var _ = Schema.Add("OAuthClientConfig", `
 "client_uri": { "type": "string", "format": "uri" },
 "client_name": { "type": "string", "minLength": 1 },
 "name": { "type": "string" },
- "x_settings_redirect_uri_origins": {
- "type": "array",
- "items": { "type": "string", "format": "http_origin" }
- },
 "x_application_type": { "type": "string", "enum": ["spa", "traditional_webapp", "native", "confidential", "third_party_app"] },
 "x_max_concurrent_session": { "type": "integer", "enum": [0, 1] },
 "redirect_uris": {
@@ -186,7 +182,6 @@ type OAuthClientConfig struct {
 Name string `json:"name,omitempty"`
 ApplicationType OAuthClientApplicationType `json:"x_application_type,omitempty"`
 MaxConcurrentSession int `json:"x_max_concurrent_session,omitempty"`
- SettingsRedirectURIOrigins []string `json:"x_settings_redirect_uri_origins,omitempty"`
 RedirectURIs []string `json:"redirect_uris,omitempty"`
 GrantTypes []string `json:"grant_types,omitempty"`
 ResponseTypes []string `json:"response_types,omitempty"`
diff --git a/pkg/lib/oauth/handler/resolve.go b/pkg/lib/oauth/handler/resolve.go
index c64e7e94a1a..3cb9770a388 100644
--- a/pkg/lib/oauth/handler/resolve.go
+++ b/pkg/lib/oauth/handler/resolve.go
@@ -9,7 +9,6 @@ import (
 "github.com/authgear/authgear-server/pkg/lib/oauth/oauthsession"
 "github.com/authgear/authgear-server/pkg/lib/oauth/protocol"
 "github.com/authgear/authgear-server/pkg/util/httputil"
- "github.com/iawaknahc/originmatcher"
 )
 type oauthRequest interface {
@@ -122,7 +121,7 @@ func parseAuthzRedirectURI(
 return nil, protocol.NewErrorResponse("invalid_request", "invalid redirect URI")
 }
- err = validateSettingsRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)
+ err = validateRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)
 if err != nil {
 return nil, protocol.NewErrorResponse("invalid_request", err.Error())
 }
@@ -134,29 +133,3 @@ func parseAuthzRedirectURI(
 return settingsActionURI, nil
 }
-
-func validateSettingsRedirectURI(
- client *config.OAuthClientConfig,
- httpProto httputil.HTTPProto,
- httpOrigin httputil.HTTPOrigin,
- domainWhitelist []string,
- redirectURI *url.URL,
-) error {
- redirectURIString := redirectURI.String()
-
- matcher, err := originmatcher.New(client.SettingsRedirectURIOrigins)
- if err != nil {
- return err
- }
-
- if matcher.MatchOrigin(redirectURIString) {
- return nil
- }
-
- err = validateRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)
- if err != nil {
- return err
- }
-
- return nil
-}
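Review bot: In the `@@ -122,7 +121,7 @@` hunk, the new call `err = validateRedirectURI(client, httpProto, httpOrigin, domainWhitelist, redirectURI)` leaves the settings flow with no separate origin allowlist, but nothing at the call site records that this is deliberate. I would add a comment above it such as `// Settings redirect URIs have no separate origin allowlist; they must pass the same validateRedirectURI check as any other redirect URI.` so a later change does not quietly reintroduce an origin-only bypass. A regression test would also help, asserting that the settings flow answers `invalid_request` for a redirect URI that validateRedirectURI rejects. The unchanged lines below still return `err.Error()` in the error response, so it is worth confirming that validateRedirectURI's messages, which are defined outside this diff, reveal nothing about the client's configuration. The enclosing function starts and ends outside this hunk.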