Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add redirectUri to url regex for OAuth2 #396
Made a change to how the regex used to detect the
Keycloak is an an OAuth2/OpenId Connect authentication provider. As part of Keycloak's authentication flow it loads several pages in order to prompt the user for different pieces of information. One of these pages is an internal keycloak page with a
This triggers the regex and Insomnia will extract this invalid code and attempt to get a token. The access token request fails because the code is internal to keycloak and isn't actually an authorization code.
This PR will add the redirect uri, if present, to the regex so that it will only trigger if the url loaded in the window begins with the redirect uri.
Not sure if RegEx is commonly available. Don't normally contribute to node/js based projects.
Not sure how to add tests regarding this.
Related Issue: (Issue number this PR references, for example #4)
Keycloak, an OAuth2/OpenId Connect authentication server, has multiple pages it redirects to during the login process for the user. One such internal url it uses has `code=` as part of the url. This causes the window to close prematurely and attempt to get an access token. However, the code is wrong because it is only an intermediaery step for Keycloak. This fix will add the redirectUri to the regex. Insomnia will only attempt to fetch the token AFTER keycloak has finished it's full login flow and has redirected back to the redirectUri.