Skip to content

Relax redirect URL matching for the forward slash path case #710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Relax redirect URL matching for the forward slash path case #710

Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a47efa3
Update OIDAuthorizationService.m
AlexPlekhov Jun 10, 2022
19937e2
Merge branch 'openid:master' into issues-446-1
AlexPlekhov Aug 18, 2022
92d8645
Apply the 'matchesRedirectionURL' checks to consider a path value of …
AlexPlekhov Aug 18, 2022
20e4fba
Increase indent from 2 to 4.
AlexPlekhov Sep 12, 2022
5904646
Update OIDAuthorizationService.m
AlexPlekhov Oct 24, 2022
b2ff2c0
Merge branch 'master' into issues-446-1
AlexPlekhov Nov 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion Source/AppAuthCore/OIDAuthorizationService.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,13 +107,20 @@ - (void)cancelWithCompletion:(nullable void (^)(void))completion {
+ (BOOL)URL:(NSURL *)URL matchesRedirectionURL:(NSURL *)redirectionURL {
NSURL *standardizedURL = [URL standardizedURL];
NSURL *standardizedRedirectURL = [redirectionURL standardizedURL];
// Some servers adds '/' to the end when there is no 'path'. To relax the equality rules below
// were decided to normalize pathes. So, pathes like '' are the same to '/' now.
// Read more https://github.com/openid/AppAuth-iOS/issues/446
NSString *normalizedPath = [standardizedURL.path isEqualToString:@"/"] ? @""
: standardizedURL.path;
NSString *normalizedRedirectPath = [standardizedRedirectURL.path isEqualToString:@"/"] ? @""
: standardizedRedirectURL.path;

return [standardizedURL.scheme caseInsensitiveCompare:standardizedRedirectURL.scheme] == NSOrderedSame
&& OIDIsEqualIncludingNil(standardizedURL.user, standardizedRedirectURL.user)
&& OIDIsEqualIncludingNil(standardizedURL.password, standardizedRedirectURL.password)
&& OIDIsEqualIncludingNil(standardizedURL.host, standardizedRedirectURL.host)
&& OIDIsEqualIncludingNil(standardizedURL.port, standardizedRedirectURL.port)
&& OIDIsEqualIncludingNil(standardizedURL.path, standardizedRedirectURL.path);
&& OIDIsEqualIncludingNil(normalizedPath, normalizedRedirectPath);
}

- (BOOL)shouldHandleURL:(NSURL *)URL {
Expand Down