Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set #1682

Open
brent-cybrid opened this issue Dec 4, 2023 · 2 comments · May be fixed by #1701
Open

Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set #1682

brent-cybrid opened this issue Dec 4, 2023 · 2 comments · May be fixed by #1701

Comments

@brent-cybrid
Copy link

Steps to reproduce

Create an application with no redirect_uri set, i.e., redirect_uri=nil.

Set allow_blank_redirect_uri = true in the Doorkeeper config.

Hit GET /oauth/authorize with redirect_uri='' or redirect_uri=nil or omit the redirect_uri parameter.

Observe an Doorkeeper::Errors::InvalidRedirectUri exception with the message The requested redirect uri is malformed or doesn't match client redirect URI.

Expected behavior

In versions 5.6.6 and before an authorization code was returned.

Actual behavior

An Doorkeeper::Errors::InvalidRedirectUri exception with the message The requested redirect uri is malformed or doesn't match client redirect URI.

System configuration

Set allow_blank_redirect_uri = true in the Doorkeeper config.
@brent-cybrid brent-cybrid changed the title Doorkeeper::Errors::InvalidRedirectUri Raised When no Redirect URI Set Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set Dec 4, 2023
@brent-cybrid
Copy link
Author

Has this been looked at?

@nbulaj
Copy link
Member

nbulaj commented Feb 12, 2024

Hey @brent-cybrid .

In versions 5.6.6 and before an authorization code was returned.

I believe it was always like this 🤔

https://github.com/doorkeeper-gem/doorkeeper/blob/main/lib/doorkeeper/oauth/pre_authorization.rb#L100-L107

In any case this behavior should be reviewed ,m more details here #1678

@nbulaj nbulaj linked a pull request Mar 14, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make redirect_uri optional for Authorization request doorkeeper-gem/doorkeeper
2 participants
@nbulaj @brent-cybrid