Not possible to add a deep link as redirect_uri #2282

Closed
aliaksander-samuseu opened this issue Dec 15, 2022 · 2 comments

aliaksander-samuseu commented Dec 15, 2022

Description

Reported by a partner in ticket 11012.
When adding a deep-link kind of URI (example: myapp://com.callback) as redirect_uri for an OIDC client, oxTrust will respond with a "The url is malformed" error pop-up and will refuse to add it. The code checking for it seems to be embedded in the page itself.

Steps To Reproduce

  1. Log in as admin user
  2. Move to OpenID Connect > Clients
  3. Create a client entry, or use an existing one; open it for editing and try to add the URI above as redirect_uri (the partner used a URI like this: com.okta.dev-55232784:/callback)

Expected behavior

oxTrust must allow addition of deep-linking redirect_uri-s at least for the "Native" type of client. Though it may be needed to support it for "Web" as well (needs to be assessed by somebody with sufficient expertise in mobile app development).

Actual behavior

The URI is rejected with a "The url is malformed" error pop-up.

nynymike commented Dec 21, 2022

Any valid URI should be allowed. See https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2
Ignore "should use tls"... if the client doesn't want to use tls, that's up to it. Also, for non web protocols, the messaging may be encrypted anyway.

@shekhar16

Code merged.
Closing this ticket.
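
An added example (not oxTrust code and not part of the thread) of a client-side redirect_uri check built on the RFC 6749 section 3.1.2 rules cited above: the value must be an absolute URI and must not carry a fragment, so private-use schemes such as the two URIs in this issue pass. The function name validateRedirectUri, its result shape and the rp.example host are assumptions; the missing-TLS and RFC 8252 section 7.1 reverse-domain checks are advisory warnings, not rejections.

```javascript
// Added example: validateRedirectUri and its result shape are hypothetical, not oxTrust code.
// RFC 3986 Appendix B expression for splitting a URI reference into components.
const URI_PARTS = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$/;
// RFC 3986 section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
const SCHEME = /^[A-Za-z][A-Za-z0-9+.\-]*$/;
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

function validateRedirectUri(input) {
  const uri = String(input).trim();
  const result = { ok: false, scheme: null, kind: null, errors: [], warnings: [] };

  // Whitespace and control characters never appear unencoded in a URI.
  if (uri === "" || /[\s\u0000-\u001f\u007f]/.test(uri)) {
    result.errors.push("empty, or contains whitespace/control characters");
    return result;
  }
  const m = URI_PARTS.exec(uri);
  // RFC 6749 3.1.2: must be an absolute URI, so a scheme is mandatory.
  if (m[2] === undefined || !SCHEME.test(m[2])) {
    result.errors.push("not an absolute URI: missing or invalid scheme");
    return result;
  }
  result.scheme = m[2].toLowerCase();
  // RFC 6749 3.1.2: a fragment component is not allowed (even an empty one).
  if (m[8] !== undefined) result.errors.push("fragment component is not allowed");

  if (result.scheme === "https" || result.scheme === "http") {
    result.kind = "web";
    const host = (m[4] || "").replace(/^.*@/, "").replace(/:\d*$/, "").toLowerCase();
    // Missing TLS is reported as a warning only, following the discussion above.
    if (host === "") result.errors.push("http(s) URI without a host");
    else if (result.scheme === "http" && !LOOPBACK.has(host)) result.warnings.push("no TLS on a non-loopback host");
  } else {
    result.kind = "private-use";
    // RFC 8252 7.1 asks for reverse-domain schemes; advisory here.
    if (!result.scheme.includes(".")) result.warnings.push("scheme is not in reverse-domain form");
  }
  result.ok = result.errors.length === 0;
  return result;
}

// Constructed sample input: the two URIs from the issue plus two failure cases.
for (const u of ["myapp://com.callback", "com.okta.dev-55232784:/callback",
                 "https://rp.example/cb#frag", "/callback"]) {
  const r = validateRedirectUri(u);
  console.log(u, "->", r.ok ? "accepted" : "rejected", r.errors.concat(r.warnings));
}
```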
