I am not sure if this is related to this project or Authelia, therefore I opened this issue here as well. The original issue can be found at authelia/authelia#6559
I am testing a local application that has the callback set to http://127.0.0.1:53842/oauth-callback
Authelia, however, redirects the output after granting the login to httpS://127.0.0.1:53842/oauth-callback
According to the OIDC draft specs, http may be allowed:
redirect_uri
REQUIRED. Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider, with the matching performed as described in Section 6.2.1 of [RFC3986] (Simple String Comparison). When using this flow, the Redirection URI SHOULD use the https scheme; however, it MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0, and provided the OP allows the use of http Redirection URIs in this case. The Redirection URI MAY use an alternate scheme, such as one that is intended to identify a callback into a native application.
This would be a problem for applications not running on a webserver, e.g. on the user's device.
Reproducing the bug
Create a client with an HTTP callback in Authelia
Get redirected to HTTPS
Relevant log output
No response
Relevant configuration
No response
Version
0.44.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker
Additional Context
No response
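The matching rule from the specification text quoted in the issue, as an added Go example (not code from Authelia or any Ory project): the requested `redirect_uri` is compared byte-for-byte with the registered values, the `http` scheme is accepted only for a confidential client when the OP allows it, and the callback is built from the matched URI without touching its scheme. The `Client` type, the function names and the `allowHTTP` switch are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

type Client struct { // hypothetical registration record, not an Authelia or Ory type
	Confidential bool
	RedirectURIs []string
}

var ErrNoMatch = errors.New("redirect_uri does not exactly match a registered value")
var ErrScheme = errors.New("http redirect_uri not permitted for this client")

// ResolveRedirectURI returns the registered URI that equals requested, or an error.
func ResolveRedirectURI(c Client, requested string, allowHTTP bool) (*url.URL, error) {
	for _, reg := range c.RedirectURIs {
		if reg != requested { // simple string comparison: no normalisation, no scheme upgrade
			continue
		}
		u, err := url.Parse(reg)
		if err != nil {
			return nil, err
		}
		if u.Scheme == "http" && !(c.Confidential && allowHTTP) {
			return nil, ErrScheme // http MAY be used only by confidential clients, if the OP allows it
		}
		return u, nil
	}
	return nil, ErrNoMatch
}

// CallbackURL adds the response parameters; scheme, host, port and path stay as registered.
func CallbackURL(u url.URL, code, state string) string {
	q := u.Query()
	q.Set("code", code)
	q.Set("state", state)
	u.RawQuery = q.Encode()
	return u.String()
}

func main() {
	c := Client{Confidential: true, RedirectURIs: []string{"http://127.0.0.1:53842/oauth-callback"}}
	if u, err := ResolveRedirectURI(c, c.RedirectURIs[0], true); err == nil {
		fmt.Println(CallbackURL(*u, "constructed-code", "constructed-state"))
	}
}
```

Under this rule the `https://` variant of the registered callback is a different string, so it is neither accepted as a request value nor produced as the redirect target.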