Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regex for sub claim doesn't allow localhost #551

Closed
jaxoncreed opened this issue Nov 5, 2020 · 1 comment · Fixed by #578
Closed

Regex for sub claim doesn't allow localhost #551

jaxoncreed opened this issue Nov 5, 2020 · 1 comment · Fixed by #578
Labels
bug Something isn't working

Comments

@jaxoncreed
Copy link
Contributor

The regex here (

solid-client-authn-js/packages/oidc/src/dpop/tokenExchange.ts

Line 111 in 49cf2fa

if (!decoded.sub.match(/^https?:\/\/.+\..+$/)) {
) doesn't allow for a domain like https://localhost:8443/profile/card#me. Because NSS does not issue a webid claim, a user running NSS on single-user mode locally is not able to log in.
@jaxoncreed jaxoncreed added the bug Something isn't working label Nov 5, 2020
@jaxoncreed jaxoncreed mentioned this issue Nov 5, 2020
Closed
@nicolasmondada
Copy link
Contributor

Good catch! Thanks for reporting this @jaxoncreed.

NSeydoux added a commit that referenced this issue Nov 10, 2020
@NSeydoux
Accepts broader range of valid IRIs in the sub claim
75d50a0 
Resolves #551.

Instead of parsing the `sub` claim with a regex, this uses a proper IRI parser to validate that the sub is well-formed to derive a webid. In particular, local IRI from test NSS instances are now accepted.
@NSeydoux NSeydoux mentioned this issue Nov 10, 2020
Merged
3 tasks
NSeydoux added a commit that referenced this issue Nov 10, 2020
@NSeydoux @Vinnl @pmcb55
Accepts broader range of valid IRIs in the sub claim (#578)
e7c0604 
Resolves #551.

Instead of parsing the `sub` claim with a regex, this uses a proper IRI parser to validate that the sub is well-formed to derive a webid. In particular, local IRI from test NSS instances are now accepted.

Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
Co-authored-by: Pat McBennett <patm@inrupt.com>
@brownhoward brownhoward mentioned this issue Nov 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Accepts broader range of valid IRIs in the sub claim inrupt/solid-client-authn-js
2 participants
@nicolasmondada @jaxoncreed