feat: glob support for RedirectURIs

2023-02-28 17:24:30 -08:00 · 2023-02-28 17:24:30 -08:00 · 8da9b5f665
commit 8da9b5f665
parent 815ced424c
6 changed files with 81 additions and 14 deletions
--- a/pkg/op/session.go
+++ b/pkg/op/session.go
@ -5,6 +5,8 @@ import (
 	"net/http"
 	"net/url"

+	"github.com/gobwas/glob"
+
 	httphelper "github.com/zitadel/oidc/pkg/http"
 	"github.com/zitadel/oidc/pkg/oidc"
 )
@ -98,5 +100,16 @@ func ValidateEndSessionPostLogoutRedirectURI(postLogoutRedirectURI string, clien
 			return nil
 		}
 	}
+	if globClient, ok := client.(HasRedirectGlobs); ok {
+		for _, uriGlob := range globClient.PostLogoutRedirectURIGlobs() {
+			matcher, err := glob.Compile(uriGlob)
+			if err != nil {
+				return oidc.ErrServerError().WithParent(err)
+			}
+			if matcher.Match(postLogoutRedirectURI) {
+				return nil
+			}
+		}
+	}
 	return oidc.ErrInvalidRequest().WithDescription("post_logout_redirect_uri invalid")
 }