Support multiple redirect_uris when creating OAuth 2.0 Applications #29192
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #29192 +/- ##
==========================================
- Coverage 85.01% 85.01% -0.01%
==========================================
Files 1059 1060 +1
Lines 28277 28288 +11
Branches 4538 4537 -1
==========================================
+ Hits 24040 24049 +9
- Misses 3074 3075 +1
- Partials 1163 1164 +1
c43497a to 69d1781
69d1781 to d8cc3f3
The following issue was discovered whilst working on the tests: #30152
7de288b to e35590f
Working on a few additional changes after noticing some gaps when authoring the documentation for this PR.
@ClearlyClaire okay, we're good — I've added:
This brings us more inline with the dynamic client registration specification
…ializer for /api/v1/apps and ApplicationSerializer for /api/v1/apps/verify_credentials
0f6ffae to 1b04819
Looks good to me although I'm confused why this is going back on client_id being introspectable.
This brings us more in line with the dynamic client registration specification, where you can create a single application with multiple redirect URIs, see the example request at: https://datatracker.ietf.org/doc/html/rfc7591#section-3.1

This works around some weirdness in doorkeeper, where it only has a `redirect_uri` field on an Application, but it does some weird "join multiple values with a `\n` for the database" thing.

Arguably, this could be considered a breaking change because it introduces some kinda weird behavior, but it is technically the "correct" behavior with regards to OAuth 2.0...
This is currently a draft as it requires test coverage to be written, and I have had the time to write said tests yet.
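An added example, not code from this PR, Mastodon or Doorkeeper: a plain-Ruby sketch of taking an RFC 7591-style `redirect_uris` array (or a single legacy string), storing it in one newline-joined column as the description above says, and checking a requested URI against it. The module and method names are hypothetical, and two choices are assumptions that go beyond the PR text: rejecting entries that contain whitespace, and exact string matching when an authorization request is checked.

```ruby
require 'uri'

# Hypothetical helper; names are illustrative and not from the PR.
module RedirectUris
  module_function

  # Accepts an array (RFC 7591 style) or a single string and returns a
  # de-duplicated array of validated URIs.
  def normalize(input)
    list = input.is_a?(Array) ? input : [input]
    raise ArgumentError, 'at least one redirect URI is required' if list.empty?

    list.map { |uri| validate!(uri) }.uniq
  end

  # Whitespace inside one entry would be read back from the newline-joined
  # column as additional registered URIs, so it is rejected up front.
  def validate!(uri)
    raise ArgumentError, 'redirect URI must be a non-empty string' unless uri.is_a?(String) && !uri.empty?
    raise ArgumentError, 'redirect URI must not contain whitespace' if uri.match?(/\s/)

    parsed = URI.parse(uri)
    raise ArgumentError, "redirect URI must be absolute: #{uri}" unless parsed.absolute?
    raise ArgumentError, "redirect URI must not have a fragment: #{uri}" if parsed.fragment

    uri
  rescue URI::InvalidURIError
    raise ArgumentError, "redirect URI is not parseable: #{uri}"
  end

  # Storage form: a single column with values joined by "\n".
  def to_column(uris)
    normalize(uris).join("\n")
  end

  def from_column(column)
    column.to_s.split("\n")
  end

  # Authorization-time check: exact match against one registered value.
  def registered?(column, requested)
    from_column(column).include?(requested)
  end
end

# Constructed sample input (not from the PR).
SAMPLE_URIS = ['https://app.example/callback', 'https://app.example/alt-callback'].freeze
```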