Skip to content

Allow for multiple redirect URIs in OAuth application UI #25068

New issue
New issue
Closed
#25072
Closed
Allow for multiple redirect URIs in OAuth application UI#25068
#25072
Labels
proposal/acceptedWe have reviewed the proposal and agree that it should be implemented like that/at all.type/featureCompletely new functionality. Can only be merged if feature freeze is not active.type/proposalThe new feature has not been accepted yet but needs to be discussed first.
@denyskon

Description

@denyskon
denyskon
opened on Jun 4, 2023

Feature Description

It is already possible to create an OAuth application with multiple redirect URIs over the API. It would be great if it also would be possible to do this through the UI.
I propose a comma-separated list, like https://uri1.org/admin/,https://cms.uri2.com,https://uri3.net/cms/

Screenshots

No response

Activity

denyskon
added
type/featureCompletely new functionality. Can only be merged if feature freeze is not active.
type/proposalThe new feature has not been accepted yet but needs to be discussed first.
on Jun 4, 2023
denyskon
changed the title [-]Allow for multiple redirect URIs in OAuth application[/-] [+]Allow for multiple redirect URIs in OAuth application UI[/+] on Jun 4, 2023
wxiaoguang

wxiaoguang commented on Jun 4, 2023

@wxiaoguang
wxiaoguang
on Jun 4, 2023
Contributor
denyskon

denyskon commented on Jun 4, 2023

@denyskon
denyskon
on Jun 4, 2023
MemberAuthor

I think you're mixing up things. The linked approach talks about unpredictable wildcard uris, but I mean a predictable set of URIs which is already partially supported. As far as I understand the code, we already save the URIs as a string list, and over API I'm already able to set multiple URIs.
Personally I would need it because I want my CMS to be accessible over different URLs and do not want to register multiple OAuth apps for it.

The way to support it would be just treating the input value of the field as a comma-separated list and splitting it afterwards.

wxiaoguang

wxiaoguang commented on Jun 4, 2023

@wxiaoguang
wxiaoguang
on Jun 4, 2023
Contributor

You are right, RFC says "The authorization server MUST require public clients and SHOULD require confidential clients to register their redirection URIs.", so predictable pre-registered URLs are safe.

yardenshoham
added
proposal/acceptedWe have reviewed the proposal and agree that it should be implemented like that/at all.
on Jun 4, 2023
denyskon
mentioned this on Jun 4, 2023
lunny
closed this as completedin #25072on Jun 5, 2023
lunny
added a commit that references this issue on Jun 5, 2023

Add ability to set multiple redirect URIs in OAuth application UI (#2…

ca35dec
github-actions
locked as resolved and limited conversation to collaborators on Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    proposal/acceptedWe have reviewed the proposal and agree that it should be implemented like that/at all.type/featureCompletely new functionality. Can only be merged if feature freeze is not active.type/proposalThe new feature has not been accepted yet but needs to be discussed first.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @wxiaoguang@yardenshoham@denyskon

      Issue actions
        Allow for multiple redirect URIs in OAuth application UI · Issue #25068 · go-gitea/gitea