Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth2 Plugin: Support Custom Redirect URIs for the Authentication Request #1397

Closed
nikz opened this issue Jul 14, 2016 · 5 comments
Closed

OAuth2 Plugin: Support Custom Redirect URIs for the Authentication Request #1397

nikz opened this issue Jul 14, 2016 · 5 comments
Assignees
@subnetmarco
Labels
plugins/oauth2

Comments

@nikz
Copy link

nikz commented Jul 14, 2016

In the OAuth2 Authorization code flow, it's possible to specify a Redirect URI during the Authorization Request phase.

This would be really useful for dynamic redirection.

There are also more details about the redirect URL requirements here: https://tools.ietf.org/html/rfc6749#section-3.1.2
@Tieske Tieske added this to the 0.9 milestone Jul 14, 2016
@subnetmarco
Copy link
Member

@nikz this is currently possible on the /authorize endpoint.

@thibaultcha thibaultcha modified the milestones: 0.9, 0.10 Sep 13, 2016
@subnetmarco
Copy link
Member

@nikz do you confirm?

@nikz
Copy link
Author

nikz commented Sep 20, 2016

@thefosk not quite - https://github.com/Mashape/kong/blob/master/kong/plugins/oauth2/access.lua#L159 matches the redirect URI exactly, whereas for Github for example only the host and port must match.

@thibaultcha thibaultcha removed this from the 0.10 RC milestone Mar 7, 2017
@ikogan
Copy link
Contributor

ikogan commented Jun 13, 2017

What's the thinking around this? I'm getting ready to start working on a PR to allow the redirect URI to be a regex and would appreciate any input on what not to do. I imagine we don't want to change this behavior out from under existing implementations, so some kind of toggle would be useful?

@ikogan ikogan mentioned this issue Jul 27, 2017
Closed
@hanshuebner
Copy link
Contributor

It seems that interest in this has died out and #2746 was not merged. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@subnetmarco subnetmarco

Labels
plugins/oauth2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make OAuth 2.0 redirect URIs regexes. ohioit/kong
7 participants
@nikz @hanshuebner @subnetmarco @bungle @Tieske @thibaultcha @ikogan