rfc 8252
This commit is contained in:
parent
15f859d562
commit
b81e6eeff9
|
@ -42,6 +42,7 @@ function validateClientId(raw: string): URL {
|
||||||
// https://datatracker.ietf.org/doc/html/rfc6749.html#section-3.1.2.1
|
// https://datatracker.ietf.org/doc/html/rfc6749.html#section-3.1.2.1
|
||||||
// 'The redirection endpoint SHOULD require the use of TLS as described
|
// 'The redirection endpoint SHOULD require the use of TLS as described
|
||||||
// in Section 1.6 when the requested response type is "code" or "token"'
|
// in Section 1.6 when the requested response type is "code" or "token"'
|
||||||
|
// TODO: Consider allowing custom URIs per RFC 8252.
|
||||||
const allowedProtocols = process.env.NODE_ENV === 'test' ? ['http:', 'https:'] : ['https:'];
|
const allowedProtocols = process.env.NODE_ENV === 'test' ? ['http:', 'https:'] : ['https:'];
|
||||||
if (!allowedProtocols.includes(url.protocol)) {
|
if (!allowedProtocols.includes(url.protocol)) {
|
||||||
throw new AuthorizationError('client_id must be a valid HTTPS URL', 'invalid_request');
|
throw new AuthorizationError('client_id must be a valid HTTPS URL', 'invalid_request');
|
||||||
|
@ -318,7 +319,7 @@ export class OAuth2ProviderService {
|
||||||
|
|
||||||
const clientUrl = validateClientId(clientID);
|
const clientUrl = validateClientId(clientID);
|
||||||
|
|
||||||
// TODO: Consider allowing this for native apps (RFC 8252)
|
// TODO: Consider allowing localhost for native apps (RFC 8252)
|
||||||
// The current setup requires an explicit list of redirect_uris per
|
// The current setup requires an explicit list of redirect_uris per
|
||||||
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3
|
||||||
// which blocks the support. But we could loose the rule in this case.
|
// which blocks the support. But we could loose the rule in this case.
|
||||||
|
|
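Review bot: The reworded TODO in the second hunk says `localhost`, but RFC 8252 §7.3 specifies loopback IP literals (`http://127.0.0.1:{port}/…`, `http://[::1]:{port}/…`) with the port left variable, and §8.3 explicitly marks the `localhost` hostname as NOT RECOMMENDED, so an implementation that follows the comment literally would land on the discouraged form. I'd make the comment precise: `// TODO: Consider allowing loopback redirect URIs for native apps (RFC 8252 §7.3):` / `// http://127.0.0.1:{port} or http://[::1]:{port}, matched with the port ignored;` / `// RFC 8252 §8.3 discourages the literal hostname "localhost".` The following lines should say that the exact-match rule from security-topics §4.1.3 is what would be relaxed, and only for that loopback case — and `loose the rule` reads as a typo for `loosen the rule`. The first hunk's TODO sits in validateClientId, which by its error message validates client_id rather than redirect_uri; RFC 8252 §7.1 private-use schemes are a redirect-URI mechanism, so if that TODO really concerns the client identifier it should say how a non-HTTPS client_id would be discovered, and otherwise name redirect_uri (and, if a custom scheme is ever accepted, require the reverse-domain form §7.1 mandates rather than any non-HTTPS scheme). Both hunks are mid-function: validateClientId and the OAuth2ProviderService method continue outside the shown lines.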