# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1678570258 -3600
# Node ID 8620a635106e7885852d0e2a7261f1788d5adb77
# Parent  94472eb41d0a88561ce81b04b16cbe35ab47fafc
mod_http_oauth2: Validate basic URI syntax of redirect URIs

diff -r 94472eb41d0a -r 8620a635106e mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 11 20:20:37 2023 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 11 22:30:58 2023 +0100
@@ -600,6 +600,13 @@
 		return oauth_error("invalid_request", "Failed schema validation.");
 	end
 
+	for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
+		local components = url.parse(redirect_uri);
+		if not components then
+			return oauth_error("invalid_request", "Invalid redirect URI.");
+		end
+	end
+
 	-- Ensure each signed client_id JWT is unique
 	client_metadata.nonce = uuid.generate();
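Review bot: The `if not components then` guard in the added loop rejects very little: assuming `url` is LuaSocket's `socket.url` (its `require` is outside the hunk), `url.parse` returns nil only for a nil or empty string and returns a table for almost anything else, so a value with no scheme or host still passes. Because registered redirect URIs decide where authorization responses are later sent, the check should at least require an absolute URI, e.g. `if not components or not components.scheme then`. It could also reject `components.fragment`, which RFC 6749 section 3.1.2 disallows for redirection endpoints. Whether the schema validation just above already constrains the format cannot be seen here; the enclosing function starts and ends outside the hunk.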