
Remove redundant validation for redirect-uri #7706

Closed
jgrandja opened this issue Dec 6, 2019 · 0 comments
Labels:
in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
status: backported (An issue that has been backported to maintenance branches)
type: enhancement (A general enhancement)

jgrandja (Contributor) commented Dec 6, 2019

The OAuth 2.0 implementations of AuthenticationProvider and ReactiveAuthenticationManager perform an exact match on OAuth2AuthorizationRequest.getRedirectUri() and OAuth2AuthorizationResponse.getRedirectUri(), which is redundant given that the exact matching is also happening in the associated Filter and WebFilter.

We should remove this double validation since the check will always pass if the AuthenticationProvider or ReactiveAuthenticationManager is called.

jgrandja added the type: enhancement and in: oauth2 labels Dec 6, 2019
jgrandja added this to the 5.3.0.M1 milestone Dec 6, 2019
jgrandja self-assigned this Dec 6, 2019
spring-projects-issues added the status: backported label and removed the for: backport-to-5.2.x label Dec 6, 2019
jgrandja added a commit that referenced this issue Dec 6, 2019
jgrandja added a commit that referenced this issue Dec 6, 2019