Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

UAA client create/update should accept wildcard in redirect_uri port

See original GitHub issue
uaac --debug client add test_client -i
New client secret:  ****
Verify new client secret:  ****
scope (list):
authorized grant types (list):  authorization_code
authorities (list):
access token validity (seconds):
refresh token validity (seconds):
redirect uri (list):  http://localhost:*/test/path
autoapprove (list):
signup redirect url (url):

error response:
  "error": "invalid_client",
  "error_description": "One of the redirect_uri is invalid: http://localhost:*/test/path"

Similar redirect URI patterns worked earlier but redirection with the saved clients also fail now. This hampers local development quite a lot because only a specified port can be used in the redirect URL definition

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:1
  • Comments:8 (6 by maintainers)

github_iconTop GitHub Comments

sreetummidicommented, Sep 28, 2017

@fhanik @jhamon @tnwang I had a discussion with the GE team yesterday. I have asked them to make the following changes in the PR.

  1. Introduce the concept of whitelisting allowed redirect uri protocols at the zone level The default is HTTP and HTTPS
  2. When clients are created which need redirect uri, we will validate against the zone whitelist of allowed protocols

Apart from this, this PR also contains allowing regex pattern for redirect port. I have asked them to keep these code changes intact within the PR

Thanks, Sree

tnwangcommented, Apr 11, 2018

Hi @6palace, could you let us know what use case the ports apply to? Is this something around how mobile applications utilize ports for redirect URIs?

We take PRs 😃

Read more comments on GitHub >

github_iconTop Results From Across the Web

CVE-2019-3788: UAA redirect-uri allows wildcard in the ...
Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a ...
Read more >
New Authorization Service and Using Wildcards
This redirect URI uses an unsupported wildcard character. The redirect URI must be an absolute URI. Does this mean that there is a...
Read more >
OAuth redirect_uri MUST support Wildcard ports for localhost
I have a client that has a requirement for a dynamic port. as This is on an authorization_code request. I looked at the...
Read more >
SAP BTP Connectivity
accepts client credentials only as authorization header, you must set the ... specified in that call, the same redirect URI must be used...
Read more >
Install Tanzu Kubernetes Grid Integrated Edition - VMware Docs
The No Proxy property for vSphere accepts wildcard domains denoted ... UAA redirect URIs configured in the TKGI cluster client redirect URIs ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found