Relax OAuth2 RedirectUrl validation #3689

Closed
wants to merge 2 commits into from

sergeypdev
Contributor

Hey, first of all thanks for making PocketBase!

I encountered an issue with OAuth2 when implementing auth in iOS. The current RedirectUrl validation is too restrictive and doesn't allow custom URL schemes, which are needed for native apps.

I think it's best to disable that validation on the PocketBase side, because it's not really necessary there. Let the OAuth provider handle that instead in their own way.

Current validation prohibits custom url schemes, which breaks custom url
schemes common in mobile apps.

Let OAuth2 provider handle redirect url validation instead.
@ganigeorgiev
Member

ganigeorgiev commented Nov 6, 2023

Could you also add a test with a custom url scheme in the record_oauth2_login_test.go?

Side-note: when using the "all-in-one" OAuth2 flow you don't need a deeplink, although I guess it will depend on the SDK implementation.

ganigeorgiev added a commit that referenced this pull request Nov 6, 2023
@ganigeorgiev
Member

I've squash merged the changes in master since I wanted to make it part of the v0.19.3 release that will be available sometime later today.

@sergeypdev
Contributor Author

@ganigeorgiev thank you!

abdokhaire pushed a commit to abdokhaire/postgresbase that referenced this pull request Aug 7, 2024