From 09e344fb95ac50c73c4f288343eb549ebb12dc67 Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Wed, 17 Apr 2024 18:40:39 +0530
Subject: [PATCH] fix: strip redirect URIs for trailing whitespaces (#26006)

(cherry picked from commit cab3b963cd51125cb7a39603fac83d45642ad266)
---
 frappe/oauth.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/frappe/oauth.py b/frappe/oauth.py
index 4be22dcb33f..cbc4d2975ed 100644
--- a/frappe/oauth.py
+++ b/frappe/oauth.py
@@ -11,7 +11,7 @@
 
 import frappe
 from frappe.auth import LoginManager
-from frappe.utils.data import get_system_timezone, now_datetime
+from frappe.utils.data import cstr, get_system_timezone, now_datetime
 
 
 class OAuthWebRequestValidator(RequestValidator):
@@ -29,8 +29,10 @@ def validate_redirect_uri(self, client_id, redirect_uri, request, *args, **kwarg
 		# Is the client allowed to use the supplied redirect_uri? i.e. has
 		# the client previously registered this EXACT redirect uri.
 
-		redirect_uris = frappe.db.get_value("OAuth Client", client_id, "redirect_uris").split(
-			get_url_delimiter()
+		redirect_uris = (
+			cstr(frappe.db.get_value("OAuth Client", client_id, "redirect_uris"))
+			.strip()
+			.split(get_url_delimiter())
 		)
 
 		if redirect_uri in redirect_uris: