-
Notifications
You must be signed in to change notification settings - Fork 467
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth: Fix for multiple redirect_uris
#2756
base: main
Are you sure you want to change the base?
OAuth: Fix for multiple redirect_uris
#2756
Conversation
I would be fine with incorporating something like this only it should be optional, especially for clients that only have one redirect uri. |
Thank you for responding to my pull request! |
We’re running into this now as @avdb13 is using atrium to add support for atproto-oauth in rauthy. avdb13 said:
let config = OAuthClientConfig {
client_metadata: AtprotoLocalhostClientMetadata {
redirect_uris: vec!["http://127.0.0.1".to_string()],
},
keys: None,
resolver: oauth_resolver_config,
state_store: MemoryStateStore::default(),
};
let client = OAuthClient::new(config)?;
let authorization_url = client.authorize(&pds, atrium_oauth_client::AuthorizeOptions::default()).await.unwrap();
avdb13 said:
sugyan said:
|
In the client metadata, multiple
redirect_uri
can be specified,Any value contained in the
redirect_uris
can be used in theoptions
of theOAuthClient.authorize()
method.However, even in the above case, the current implementation automatically selects and sends
this.clientMetadata.redirect_uris[0]
in the token request, so even if the redirected params are correctly obtained,exchangeCode()
returns the following error.Actually, the
callback()
method does not receive the redirect_uri, so I think the only way to get the value of theredirect_uri
used in the PAR is throughstateStore
.