Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: require redirect_uri for OpenID Connect calls #814

Merged
merged 5 commits into from
Sep 16, 2024
Merged

fix: require redirect_uri for OpenID Connect calls #814

merged 5 commits into from
Sep 16, 2024

Conversation

aeneasr
Copy link
Member

@aeneasr aeneasr commented Jul 9, 2024

Fixes an issue where Authorize Requests which were intended for an OpenID Connect 1.0 client would incorrectly be allowed when missing the redirect URI when it's required by the specification.

Closes #685
Closes #762

BREAKING CHANGES: Going forward, calls to /oauth2/auth which trigger OpenID Connect require the redirect_uri query parameter to be set.

james-d-elliott and others added 5 commits August 4, 2023 15:49
@james-d-elliott
fix: openid ignores missing redirect uri
4273501 
Fixes an issue where Authorize Requests which were intended for an OpenID Connect 1.0 client would incorrectly be allowed when missing the redirect URI when it's required by the specification.
@james-d-elliott
test: add tdd test
63c797c
@james-d-elliott
Merge branch 'master' into fix-oidc-redirect-uri
37f4ada
@james-d-elliott
Merge branch 'master' into fix-oidc-redirect-uri
14f50b3
@aeneasr
fix: require redirect_uri for OpenID Connect calls
86c8ea5 
Fixes an issue where Authorize Requests which were intended for an OpenID Connect 1.0 client would incorrectly be allowed when missing the redirect URI when it's required by the specification.

Closes #685
Closes #762

BREAKING CHANGES: Going forward, calls to `/oauth2/auth` which trigger OpenID Connect require the `redirect_uri` query parameter to be set.
@aeneasr aeneasr self-assigned this Jul 9, 2024
@aeneasr aeneasr mentioned this pull request Jul 9, 2024
Closed
6 tasks
@aeneasr
Copy link
Member Author

aeneasr commented Jul 9, 2024

Blocked until August 1st

@aeneasr aeneasr merged commit aa7c79e into master Sep 16, 2024
12 checks passed
@aeneasr aeneasr deleted the fix-oidc-redirect-uri branch September 16, 2024 11:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alnr alnr alnr approved these changes

Assignees

@aeneasr aeneasr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Investigate missing redirect_uri check when performing OIDC flows
3 participants
@aeneasr @alnr @james-d-elliott