verify PRM resource

ochafik · ochafik · commit 4fcbb6870bbd · 2025-06-18T11:50:39.000+01:00
diff --git a/src/client/auth.ts b/src/client/auth.ts
@@ -110,6 +110,9 @@ export async function auth(
     if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) {
       authorizationServerUrl = resourceMetadata.authorization_servers[0];
     }
+    if (resourceMetadata.resource && resourceMetadata.resource !== resource.href) {
+      throw new Error(`Protected resource ${resourceMetadata.resource} does not match expected ${resource}`);
+    }
   } catch (error) {
     console.warn("Could not load OAuth Protected Resource metadata, falling back to /.well-known/oauth-authorization-server", error)
   }

Original file line number	Diff line number	Diff line change
`@@ -110,6 +110,9 @@ export async function auth(`
`110`	`110`	`if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) {`
`111`	`111`	`authorizationServerUrl = resourceMetadata.authorization_servers[0];`
`112`	`112`	`}`
	`113`	`+ if (resourceMetadata.resource && resourceMetadata.resource !== resource.href) {`
	`114`	+ throw new Error(`Protected resource ${resourceMetadata.resource} does not match expected ${resource}`);
	`115`	`+ }`
`113`	`116`	`} catch (error) {`
`114`	`117`	`console.warn("Could not load OAuth Protected Resource metadata, falling back to /.well-known/oauth-authorization-server", error)`
`115`	`118`	`}`