chore: document standard deviation when using globs

add example on how to toggle the underlying client implementation based on DevMode.
2023-03-17 08:28:28 +02:00 · 2023-03-17 08:28:28 +02:00 · 82c1eefe72
commit 82c1eefe72
parent b184713eb9
3 changed files with 32 additions and 11 deletions
--- a/pkg/op/client.go
+++ b/pkg/op/client.go
@ -56,6 +56,12 @@ type Client interface {
 // interpretation. Redirect URIs that match either the non-glob version or the
 // glob version will be accepted. Glob URIs are only partially supported for native
 // clients: "http://" is not allowed except for loopback or in dev mode.
+//
+// Note that globbing / wildcards are not permitted by the oidc
+// standard and implementing this interface can have security implications.
+// It is advised to only return a client of this type in rare cases,
+// such as DevMode for the client being enabled.
+// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 type HasRedirectGlobs interface {
 	RedirectURIGlobs() []string
 	PostLogoutRedirectURIGlobs() []string