fix(op): check redirect URI in code exchange (#516)

This change fixes a missing redirect check in the Legacy Server's Code Exchange handler.
Tim Möhlmann 2024-01-16 08:18:41 +02:00 committed by GitHub
parent 984e31a9e2
commit 844e2337bb


@ -210,6 +210,9 @@ func (s *LegacyServer) CodeExchange(ctx context.Context, r *ClientRequest[oidc.A
return nil, err
}
}
if r.Data.RedirectURI != authReq.GetRedirectURI() {
return nil, oidc.ErrInvalidGrant().WithDescription("redirect_uri does not correspond")
}
resp, err := CreateTokenResponse(ctx, authReq, r.Client, s.provider, true, r.Data.Code, "")
if err != nil {
return nil, err
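Review bot: The new comparison `r.Data.RedirectURI != authReq.GetRedirectURI()` has no comment explaining why it is a plain string equality, and a later maintainer may be tempted to "fix" it with URL normalisation, which would weaken the binding between the authorization request and the token request. I would add above the `if`: `// RFC 6749 §4.1.3: redirect_uri in the token request must be identical to the one used in the authorization request; simple string comparison, no normalisation.` Whether authReq.GetRedirectURI() can be empty for a client that omitted redirect_uri at authorization time is not visible here; if it can, it is worth a one-line note that the equality check then also requires the token request to omit it. CodeExchange starts and ends outside the hunk.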