Diff

mod_http_oauth2/mod_http_oauth2.lua @ 5239:8620a635106e

mod_http_oauth2: Validate basic URI syntax of redirect URIs
author Kim Alvefur <zash@zash.se>
date Sat, 11 Mar 2023 22:30:58 +0100
parent 5237:3354f943c1fa
child 5240:001908044d0d
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 11 20:20:37 2023 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 11 22:30:58 2023 +0100
@@ -600,6 +600,13 @@
 		return oauth_error("invalid_request", "Failed schema validation.");
 	end
 
+	for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
+		local components = url.parse(redirect_uri);
+		if not components then
+			return oauth_error("invalid_request", "Invalid redirect URI.");
+		end
+	end
+
 	-- Ensure each signed client_id JWT is unique
 	client_metadata.nonce = uuid.generate();