feat: check for redirect uris allowed

2025-06-07 19:16:28 +02:00
parent 108ed61961
commit 2209846525
1 changed files with 9 additions and 0 deletions
--- a/internal/oauth/authorize.go
+++ b/internal/oauth/authorize.go
@ -61,5 +61,14 @@ func (h *OAuthHandler) AuthorizeClient(w http.ResponseWriter, r *http.Request) {
 		}
 	}

+	if !slices.Contains(client.RedirectUris, redirectUri) {
+		uri := fmt.Sprintf("%s?error=invalid_request&error_description=Redirect+URI+is+not+allowed", redirectUri)
+		if state != "" {
+			uri += "&state=" + state
+		}
+		http.Redirect(w, r, uri, http.StatusFound)
+		return
+	}
+
 	http.Redirect(w, r, fmt.Sprintf("/auth?%s", r.URL.Query().Encode()), http.StatusFound)
 }