Fix invalid_request on oauth from localhost client

futur.blue / pegasus

fork atom

objective categorical abstract machine language personal data server

fork atom

futur.blue 2 months ago a9a73887 1a73ae5c

verified

+17 -4

2 changed files

expand all

unified split

pegasus

lib

oauth

client.ml

dpop.ml

+3 -1

pegasus/lib/oauth/client.ml

··· 39 39 match Uri.scheme u with 40 40 | Some "https" when host <> Some "localhost" -> 41 41 () 42 - | Some "http" when host = Some "127.0.0.1" || host = Some "[::1]" -> 42 + | Some "http" 43 + when host = Some "127.0.0.1" || host = Some "localhost" 44 + || host = Some "[::1]" -> 43 45 () 44 46 | _ -> 45 47 failwith ("invalid redirect_uri: " ^ uri) )

+14 -3

pegasus/lib/oauth/dpop.ml

··· 73 73 if Hashtbl.length jti_cache mod 100 = 0 then cleanup_jti_cache () ; 74 74 true ) 75 75 76 + let is_loopback host = 77 + host = "127.0.0.1" || host = "[::1]" || host = "localhost" 78 + 76 79 let normalize_url url = 77 80 let uri = Uri.of_string url in 78 - Uri.make ~scheme:"https" 79 - ~host:(Uri.host uri |> Option.value ~default:Env.hostname) 80 - ~path:(Uri.path uri) () 81 + let host = Uri.host uri in 82 + let scheme, normalized_host = 83 + match host with 84 + | Some h when is_loopback h -> 85 + ("http", h) 86 + | Some h -> 87 + ("https", h) 88 + | None -> 89 + ("https", Env.hostname) 90 + in 91 + Uri.make ~scheme ~host:normalized_host ~path:(Uri.path uri) () 81 92 |> Uri.to_string 82 93 83 94 let compute_jwk_thumbprint jwk =