changeset 5239:8620a635106e
mod_http_oauth2: Validate basic URI syntax of redirect URIs
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 11 Mar 2023 22:30:58 +0100 |
parents | 94472eb41d0a |
children | 001908044d0d |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
--- a/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 11 20:20:37 2023 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 11 22:30:58 2023 +0100
@@ -600,6 +600,13 @@
 return oauth_error("invalid_request", "Failed schema validation.");
 end
+ for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
+ local components = url.parse(redirect_uri);
+ if not components then
+ return oauth_error("invalid_request", "Invalid redirect URI.");
+ end
+ end
+
 -- Ensure each signed client_id JWT is unique
 client_metadata.nonce = uuid.generate();
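Review bot: The added loop accepts any redirect URI for which `url.parse` returns a table, and if `url` here is LuaSocket's `socket.url` (its require is outside the hunk) that covers nearly every non-empty string, including relative references with no scheme. RFC 6749 section 3.1.2 requires the redirection endpoint to be an absolute URI without a fragment, so the guard could be `if not components or not components.scheme or components.fragment then`. Restricting the accepted schemes (for example https, plus loopback http and private-use schemes for native apps) is worth considering as well, because the registered value later determines where authorization responses are delivered. The enclosing function starts and ends outside the hunk, so stricter checks on `redirect_uris` may already exist elsewhere in it.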