Add support for wildcard RedirectUris (#44)
Yshayy authored Oct 3, 2020

Verified

This commit was signed with the committer’s verified signature.
lchenut Ludovic Chenut
1 parent 70e8984 commit cc8699f
Showing 5 changed files with 35 additions and 6 deletions.
2 changes: 1 addition & 1 deletion e2e/config/clients-configuration.json
@@ -4,7 +4,7 @@
"Description": "Client for implicit flow",
"AllowedGrantTypes": ["implicit"],
"AllowAccessTokensViaBrowser": true,
"RedirectUris": ["https://www.google.com"],
"RedirectUris": ["https://*.google.com"],
"AllowedScopes": ["openid", "profile", "email", "some-custom-identity"],
"IdentityTokenLifetime": 3600,
"AccessTokenLifetime": 3600
4 changes: 2 additions & 2 deletions e2e/tests/authorization-endpoint.e2e-spec.ts
@@ -41,7 +41,7 @@ describe('Authorization Endpoint', () => {
client_id: implicitFlowClient.ClientId,
scope: 'openid some-custom-identity',
response_type: 'id_token token',
redirect_uri: implicitFlowClient.RedirectUris?.[0],
redirect_uri: implicitFlowClient.RedirectUris?.[0].replace('*', 'www'),
state: 'abc',
nonce: 'xyz',
};
@@ -55,7 +55,7 @@ describe('Authorization Endpoint', () => {
await page.keyboard.press('Enter');
await page.waitForNavigation();
const redirectedUrl = new URL(page.url());
expect(redirectedUrl.origin).toEqual(implicitFlowClient.RedirectUris?.[0]);
expect(redirectedUrl.origin).toEqual(parameters.redirect_uri);
const hash = redirectedUrl.hash.slice(1);
const query = querystring.parse(hash);
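Review bot: Both changed tests in this spec exercise only the accepted case (`*` replaced by `www`), so nothing pins what the new wildcard validator must reject; the same applies to e2e/tests/userinfo-endpoint.e2e-spec.ts. Add a negative case that sends a `redirect_uri` whose host falls outside the configured pattern and asserts that the authorization request is refused rather than redirected. Note also that `RedirectUris?.[0].replace('*', 'www')` throws if the array exists but is empty, since the optional chain only guards an undefined `RedirectUris`. The describe block starts and ends outside the hunks shown.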

4 changes: 2 additions & 2 deletions e2e/tests/userinfo-endpoint.e2e-spec.ts
@@ -41,7 +41,7 @@ describe('UserInfo Endpoint', () => {
client_id: implicitFlowClient.ClientId,
scope: 'openid profile some-custom-identity',
response_type: 'id_token token',
redirect_uri: implicitFlowClient.RedirectUris?.[0],
redirect_uri: implicitFlowClient.RedirectUris?.[0].replace('*', 'www'),
state: 'abc',
nonce: 'xyz',
};
@@ -55,7 +55,7 @@ describe('UserInfo Endpoint', () => {
await page.keyboard.press('Enter');
await page.waitForNavigation();
const redirectedUrl = new URL(page.url());
expect(redirectedUrl.origin).toEqual(implicitFlowClient.RedirectUris?.[0]);
expect(redirectedUrl.origin).toEqual(parameters.redirect_uri);
const hash = redirectedUrl.hash.slice(1);
const query = querystring.parse(hash);

3 changes: 2 additions & 1 deletion src/Startup.cs
@@ -24,7 +24,8 @@ public void ConfigureServices(IServiceCollection services)
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryApiScopes(Config.GetApiScopes())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers());
.AddTestUsers(Config.GetUsers())
.AddRedirectUriValidator<UriValidator>();

services.AddRouting();
services.AddCors();
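Review bot: `.AddRedirectUriValidator<UriValidator>()` is registered unconditionally, so it presumably replaces the default exact-match redirect check for every client returned by `Config.GetClients()`, not only for clients whose URIs contain `*`. A short comment above the call would make that trade-off visible, e.g. `// Replaces exact-match redirect URI validation with wildcard matching for ALL clients`. ConfigureServices starts and ends outside the hunk.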
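--- a/src/UriValidator.cs
+++ b/src/UriValidator.cs
@@ -0,0 +1,28 @@
+using System.Threading.Tasks;
+using IdentityServer4.Models;
+using IdentityServer4.Validation;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System;
+using System.Text.RegularExpressions;
+
+namespace OpenIdConnectServer
+{
+internal class UriValidator : IRedirectUriValidator
+{
+
+public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client)
+{
+return Task.FromResult<bool>(client.RedirectUris.Any(allowedUri =>
+Regex.Match(requestedUri, Regex.Escape(allowedUri).Replace("\\*", "[a-zA-Z0-9.]+?")).Success
+));
+}
+
+public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client)
+{
+return Task.FromResult<bool>(client.RedirectUris.Any(allowedUri =>
+Regex.Match(requestedUri, Regex.Escape(allowedUri).Replace("\\*", "[a-zA-Z0-9.]+?")).Success
+)); }
+}
+}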
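Review bot: Both validator methods call `Regex.Match` without anchors, so a requested URI passes whenever an allowed pattern occurs anywhere inside it, and that substring comparison now applies to exact (non-wildcard) entries as well. The wildcard class `[a-zA-Z0-9.]+?` admits dots, so `*` can span several host labels, while hyphenated labels are rejected. `IsPostLogoutRedirectUriValidAsync` checks `client.RedirectUris` rather than `client.PostLogoutRedirectUris`, and if a caller ever passes a null `requestedUri` the match throws instead of returning false. I would anchor the pattern with `\A` and `\z`, limit `*` to a single host label, and share one helper between the two methods, as sketched below.

```csharp
// … unchanged: using directives, namespace and class declaration …
public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client)
{
    return Task.FromResult(MatchesAny(requestedUri, client.PostLogoutRedirectUris));
}

public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client)
{
    return Task.FromResult(MatchesAny(requestedUri, client.RedirectUris));
}

// Whole-string comparison; "*" stands for exactly one host label.
private static bool MatchesAny(string requestedUri, IEnumerable<string> allowedUris)
{
    if (string.IsNullOrEmpty(requestedUri) || allowedUris == null)
    {
        return false;
    }

    return allowedUris.Any(allowedUri =>
        Regex.IsMatch(
            requestedUri,
            "\\A" + Regex.Escape(allowedUri).Replace("\\*", "[a-zA-Z0-9-]+") + "\\z"));
}
```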
