Skip to content

fix: allow non-HTTP URIs in OAuth2 provider redirect URIs #18880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: thomask33/07-14-feat_oauth2_add_bulk_token_revocation_endpoint_with_usage_tracking
Choose a base branch
from
Draft

fix: allow non-HTTP URIs in OAuth2 provider redirect URIs #18880

wants to merge 1 commit into from

Conversation

ThomasK33
Copy link
Member

Changed OAuth2 redirect URI validation to accept custom URI schemes

This PR updates the validation for OAuth2 provider app redirect URIs to use the more flexible uri validator instead of the stricter http_url validator. This allows for custom URI schemes that don't follow reverse domain notation, while still blocking well-known schemes like http, https, ftp, etc.

The change removes the requirement that custom schemes must contain a period, making the validation more permissive for various client applications while maintaining security by continuing to block well-known schemes.

This was referenced Jul 15, 2025
Open
Open
Open
Open
Open
@ThomasK33 ThomasK33 mentioned this pull request Jul 15, 2025
Open
@ThomasK33 Graphite App
Copy link
Member Author

ThomasK33 commented Jul 15, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 force-pushed the thomask33/07-15-fix_oauth2_allow_custom_uri_schemes_without_reverse_domain_notation_for_native_apps branch from 80b2b40 to a29e00a Compare July 17, 2025 13:43
@ThomasK33 ThomasK33 force-pushed the thomask33/07-14-feat_oauth2_add_bulk_token_revocation_endpoint_with_usage_tracking branch from 4e82d80 to 8830706 Compare July 17, 2025 13:43
@ThomasK33 ThomasK33 force-pushed the thomask33/07-15-fix_oauth2_allow_custom_uri_schemes_without_reverse_domain_notation_for_native_apps branch from a29e00a to 63934b4 Compare July 17, 2025 14:38
@ThomasK33 ThomasK33 force-pushed the thomask33/07-14-feat_oauth2_add_bulk_token_revocation_endpoint_with_usage_tracking branch from 8830706 to 13de8e2 Compare July 17, 2025 14:38
@ThomasK33 ThomasK33 force-pushed the thomask33/07-15-fix_oauth2_allow_custom_uri_schemes_without_reverse_domain_notation_for_native_apps branch from d9ecda1 to 0b47133 Compare July 17, 2025 16:25
@ThomasK33 ThomasK33 force-pushed the thomask33/07-14-feat_oauth2_add_bulk_token_revocation_endpoint_with_usage_tracking branch from 13de8e2 to b4a9dbd Compare July 23, 2025 16:53
@ThomasK33 ThomasK33 force-pushed the thomask33/07-15-fix_oauth2_allow_custom_uri_schemes_without_reverse_domain_notation_for_native_apps branch from 0b47133 to 99e7a7b Compare July 23, 2025 16:53
@ThomasK33 ThomasK33 mentioned this pull request Jul 23, 2025
Draft
@github-actions github-actions bot added the stale This issue is like stale bread. label Jul 31, 2025
@github-actions github-actions bot closed this Aug 3, 2025
@ThomasK33
fix(oauth2): allow custom URI schemes without reverse domain notation…
c2346ff 
… for native apps

Change-Id: I4000cd39caa994efe0b76c4984e968f2963063ca
Signed-off-by: Thomas Kosiewski <tk@coder.com>
@ThomasK33 ThomasK33 removed the stale This issue is like stale bread. label Aug 12, 2025
@ThomasK33 ThomasK33 assigned Emyrk and unassigned ThomasK33 Aug 12, 2025
@ThomasK33 ThomasK33 reopened this Aug 12, 2025
@ThomasK33 ThomasK33 force-pushed the thomask33/07-15-fix_oauth2_allow_custom_uri_schemes_without_reverse_domain_notation_for_native_apps branch from 99e7a7b to c2346ff Compare August 12, 2025 16:34
@ThomasK33 ThomasK33 force-pushed the thomask33/07-14-feat_oauth2_add_bulk_token_revocation_endpoint_with_usage_tracking branch from b4a9dbd to 72cf224 Compare August 12, 2025 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Emyrk Emyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ThomasK33 @Emyrk