Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Check OAuth2 redirect URL for matching callback URL and authorization code in query parameters #2148

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: Check OAuth2 redirect URL for matching callback URL and authorization code in query parameters #2148

wants to merge 3 commits into from

Commits on Apr 21, 2024

  1. Check OAuth2 redirect URL for matching callback URL and authorization… 

    … code in query parameters

In an Authorization code flow, there may be multiple intermediate redirects before reaching the final one which matches the callback URL and has a code in the query params.

We should wait until we see a redirect URI that matches both the conditions. This fixes the issue where, when a redirect contains `code` as a query param but is not the final one (i.e., is not to the callback URL) an error is thrown saying the callback URL is invalid.

Fixes usebruno#2147
    @dakshin-k
    dakshin-k committed Apr 21, 2024
    Configuration menu
    Copy the full SHA
    24753e8 View commit details
    Browse the repository at this point in the history

Commits on Apr 22, 2024

  1. Add test cases for callback URL check

    @dakshin-k
    dakshin-k committed Apr 22, 2024
    Configuration menu
    Copy the full SHA
    906e4e4 View commit details
    Browse the repository at this point in the history

Commits on Apr 23, 2024

  1. Update check to cover URLs with same host but different endpoints

    @dakshin-k
    dakshin-k committed Apr 23, 2024
    Configuration menu
    Copy the full SHA
    d01d312 View commit details
    Browse the repository at this point in the history