cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: glob support for RedirectURIs

Browse source 
Fixes #293
This commit is contained in:
David Sharnoff 2023-03-06 04:13:35 -08:00 committed by GitHub
parent 815ced424c
commit 7e5798569b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 64 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

12
pkg/op/session.go
View file

@ -4,6 +4,7 @@ import (
"context"
"net/http"
"net/url"
"path"
httphelper "github.com/zitadel/oidc/pkg/http"
"github.com/zitadel/oidc/pkg/oidc"
@ -98,5 +99,16 @@ func ValidateEndSessionPostLogoutRedirectURI(postLogoutRedirectURI string, clien
return nil
}
}
if globClient, ok := client.(HasRedirectGlobs); ok {
for _, uriGlob := range globClient.PostLogoutRedirectURIGlobs() {
isMatch, err := path.Match(uriGlob, postLogoutRedirectURI)
if err != nil {
return oidc.ErrServerError().WithParent(err)
}
if isMatch {
return nil
}
}
}
return oidc.ErrInvalidRequest().WithDescription("post_logout_redirect_uri invalid")
}