oidc-provider - npm Package Compare versions

Comparing version 2.0.0-alpha.1.4.0 to 2.0.0-alpha.1.4.1

CHANGELOG.md

@@ -21,2 +21,6 @@ # oidc-provider CHANGELOG
 
+## Version 1.4.1
+- [DIFF](https://github.com/panva/node-oidc-provider/compare/v1.4.0...v1.4.1)
+- fixed custom uri scheme native clients hostname validations
+
 ## Version 1.4.0
@@ -23,0 +27,0 @@ - [DIFF](https://github.com/panva/node-oidc-provider/compare/v1.3.0...v1.4.0)

lib/helpers/client_schema.js

@@ -411,4 +411,6 @@ 'use strict';
       this.redirect_uris = _.map(this.redirect_uris, (redirectUri) => {
-        if (redirectUri.startsWith('http:')) { // this removes the port component, making dynamic ports allowed
-          return url.format(Object.assign(url.parse(redirectUri), {
+        const parsed = url.parse(redirectUri);
+        // remove the port component, making dynamic ports allowed for loopback uris
+        if (parsed.protocol === 'http:' && LOOPBACKS.indexOf(parsed.hostname) !== -1) {
+          return url.format(Object.assign(parsed, {
             host: null,
@@ -463,5 +465,2 @@ port: null,
                 default: // App-declared Custom URI Scheme Redirection
-                  if (uri.hostname !== 'localhost') {
-                    invalidate('redirect_uris for native clients using custom URI scheme must be using localhost as hostname');
-                  }
               }
@@ -473,3 +472,3 @@ } else {
 
-              if (url.parse(redirectUri).hostname !== 'localhost') {
+              if (redirectUri.startsWith('http:') && url.parse(redirectUri).hostname !== 'localhost') {
                 invalidate('redirect_uris for native clients must be using localhost as hostname');
@@ -476,0 +475,0 @@ }

lib/models/client.js

@@ -22,2 +22,3 @@ 'use strict';
 const KEY_TYPES = ['RSA', 'EC'];
+const LOOPBACKS = ['localhost', '127.0.0.1', '::1'];
 
@@ -228,10 +229,14 @@ function handled(kty) { return KEY_TYPES.indexOf(kty) !== -1; }
       const checkedUri = (() => {
-        if (this.applicationType === 'native' &&
+        if (
+          this.applicationType === 'native' &&
           redirectUri.startsWith('http:') &&
           instance(provider).configuration('features.oauthNativeApps')
         ) {
-          return url.format(Object.assign(url.parse(redirectUri), {
-            host: null,
-            port: null,
-          }));
+          const parsed = url.parse(redirectUri);
+          if (LOOPBACKS.indexOf(parsed.hostname) !== -1) {
+            return url.format(Object.assign(parsed, {
+              host: null,
+              port: null,
+            }));
+          }
         }
@@ -238,0 +243,0 @@

package.json

@@ -64,3 +64,3 @@ {
   },
-  "version": "2.0.0-alpha.1.4.0",
+  "version": "2.0.0-alpha.1.4.1",
   "files": [
@@ -67,0 +67,0 @@ "lib"

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

204493

increased by0.13%

Lines of code

4896

increased by0.08%

No dependency changes