feat(oauth): allow wildcards in redirect_uris #2935
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This add a setting and logic to allow wildcards in
redirect_uris
for anOAuth2Client
.On Ecosphères, it will be very useful to be able to use OAuth when testing PR previews that have URLs like https://deploy-preview-205--ecospheres.netlify.app. We could authorize
*ecospheres.netlify.app/login/callback
for our client.Since this might be dangerous security-wise, it's behind a flag that is
False
by default. I suggest enabling it only on dev/demo instances and not in production.