New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redirect URIs other than http:// on mobile apps #210

Closed
fehrsam opened this Issue Feb 20, 2013 · 6 comments

Comments

Projects
None yet
6 participants
@fehrsam
Copy link

fehrsam commented Feb 20, 2013

I'm following the following guide for using OAuth2 with mobile apps: http://www.slideshare.net/briandavidcampbell/is-that-a-token-in-your-phone-in-your-pocket-or-are-you-just-glad-to-see-me-oauth-20-and-mobile-devices

It requires different formats of redirect uris. This file seems to require only http://..
https://github.com/applicake/doorkeeper/blob/master/app/validators/redirect_uri_validator.rb

I'm overriding it with this in an initializer right now:

class RedirectUriValidator
  def validate_each(record, attribute, value)
  end
end

Is this the best approach or should doorkeeper include support for these types of redirect uris? Thanks!

@felipeelias

This comment has been minimized.

Copy link
Member

felipeelias commented Feb 25, 2013

Doorkeeper should support this by default, but the uri validator should be configurable too.

Thanks for sharing!

@maletor

This comment has been minimized.

Copy link

maletor commented Mar 28, 2013

Yes +1 for this.

We have a client that is doing redirect_uri: "foo://invalid_hostname". The foo protocol dictates what is a valid "URI" in this case and in this case it is valid to have underscores.

@felipeelias

This comment has been minimized.

Copy link
Member

felipeelias commented Mar 29, 2013

@maletor yes, I see that our validation should be much more open than I thought it would be.

@bartolsthoorn

This comment has been minimized.

Copy link

bartolsthoorn commented Apr 4, 2013

Another +1, I'm also overriding this.
I'd like to see support for fuzzy matches, like *.domain.com.

Update: To clarify, I'm overriding it like this, so this is a bit different.

puts 'Warning, overriding Doorkeeper URL validation'
Doorkeeper::OAuth::PreAuthorization.class_eval do
  def validate_redirect_uri
    return true # or change it to test redirect_uri for *.domain.com
  end
end
@levionessa

This comment has been minimized.

@tute

This comment has been minimized.

Copy link
Member

tute commented Jul 10, 2014

Indeed it seems fixed, closing for now, if it's not feel free to reopen. Thanks for your input!

@tute tute closed this Jul 10, 2014

This was referenced Jul 21, 2014

@sethherr sethherr referenced this issue Nov 25, 2014

Closed

Invalid URI #512

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment