Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redirect URIs other than http:// on mobile apps #210

Closed
fehrsam opened this issue Feb 20, 2013 · 6 comments
Closed

Redirect URIs other than http:// on mobile apps #210

fehrsam opened this issue Feb 20, 2013 · 6 comments
Labels

Comments

@fehrsam
Copy link

@fehrsam fehrsam commented Feb 20, 2013

I'm following the following guide for using OAuth2 with mobile apps: http://www.slideshare.net/briandavidcampbell/is-that-a-token-in-your-phone-in-your-pocket-or-are-you-just-glad-to-see-me-oauth-20-and-mobile-devices

It requires different formats of redirect uris. This file seems to require only http://..
https://github.com/applicake/doorkeeper/blob/master/app/validators/redirect_uri_validator.rb

I'm overriding it with this in an initializer right now:

class RedirectUriValidator
  def validate_each(record, attribute, value)
  end
end

Is this the best approach or should doorkeeper include support for these types of redirect uris? Thanks!

@felipeelias
Copy link
Member

@felipeelias felipeelias commented Feb 25, 2013

Doorkeeper should support this by default, but the uri validator should be configurable too.

Thanks for sharing!

@maletor
Copy link

@maletor maletor commented Mar 28, 2013

Yes +1 for this.

We have a client that is doing redirect_uri: "foo://invalid_hostname". The foo protocol dictates what is a valid "URI" in this case and in this case it is valid to have underscores.

@felipeelias
Copy link
Member

@felipeelias felipeelias commented Mar 29, 2013

@maletor yes, I see that our validation should be much more open than I thought it would be.

@bartolsthoorn
Copy link

@bartolsthoorn bartolsthoorn commented Apr 4, 2013

Another +1, I'm also overriding this.
I'd like to see support for fuzzy matches, like *.domain.com.

Update: To clarify, I'm overriding it like this, so this is a bit different.

puts 'Warning, overriding Doorkeeper URL validation'
Doorkeeper::OAuth::PreAuthorization.class_eval do
  def validate_redirect_uri
    return true # or change it to test redirect_uri for *.domain.com
  end
end

@nessamurmur
Copy link

@nessamurmur nessamurmur commented Jul 10, 2014

@tute
Copy link
Member

@tute tute commented Jul 10, 2014

Indeed it seems fixed, closing for now, if it's not feel free to reopen. Thanks for your input!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants