Comments (4)
The only difference is that for the oauth2 provider, redirect URIs are validated against the list, and for a normal logins, only relative URIs are allowed.
But since the redirect comes from the OAuthFulfillmentStage and not the flow executor, this is very easy to add.
Sounds good, do you happen to have a stacktrace where that error is thrown?
The only interesting thing about this could be validating the destination URI, since IIRC the final redirect is done by the FlowExecutor, and not the OAuth Provider
Would the validation of the redirect URI with a custom scheme be any different compared to the HTTPS scheme?
Traceback (most recent call last):
  File "/authentik/flows/views.py", line 152, in get
    stage_response = self.current_stage_view.get(request, *args, **kwargs)
  File "/authentik/providers/oauth2/views/authorize.py", line 264, in get
    return redirect(self.create_response_uri())
  File "/usr/local/lib/python3.9/site-packages/django/shortcuts.py", line 41, in redirect
    return redirect_class(resolve_url(to, *args, **kwargs))
  File "/usr/local/lib/python3.9/site-packages/django/http/response.py", line 504, in __init__
    raise DisallowedRedirect("Unsafe redirect to URL with protocol %s" % parsed.scheme)
django.core.exceptions.DisallowedRedirect: Unsafe redirect to URL with protocol 'com.example.app'
This seems to be broken again starting with 2024.2.0
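The two checks the thread contrasts (exact-match validation of an OAuth2 redirect_uri against the client's registered list, versus relative-only redirects after a normal login), written out as an added Python example. This is not authentik's or Django's code; the registered URIs and the sample inputs are constructed for illustration. The third function mirrors the scheme allow-list that Django's HttpResponseRedirect applies on construction (http, https, ftp by default), which is why the traceback above ends in DisallowedRedirect for a custom scheme even after the provider has accepted the URI.

```python
from urllib.parse import urlsplit

# Constructed sample: the redirect URIs registered on a hypothetical OAuth2
# provider. One is an ordinary HTTPS callback, the other uses a custom
# (reverse-DNS) scheme of the kind a native mobile app registers.
REGISTERED_REDIRECT_URIS = frozenset({
    "https://app.example.com/callback",
    "com.example.app:/oauth2redirect",
})

# Django's HttpResponseRedirect only accepts these schemes unless a subclass
# extends allowed_schemes; any other non-empty scheme raises DisallowedRedirect.
DJANGO_DEFAULT_ALLOWED_SCHEMES = ("http", "https", "ftp")


def validate_oauth2_redirect(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """Provider-side check: the URI must exactly match a registered entry.

    Exact string comparison (no prefix, host-only or normalised matching) is
    what keeps a registered custom scheme from becoming an open redirect.
    Returns (accepted, reason).
    """
    if redirect_uri not in registered:
        return False, "redirect_uri is not registered for this client"
    if not urlsplit(redirect_uri).scheme:
        # A registered entry should always be absolute; a relative entry would
        # resolve against whatever host the authorization server runs on.
        return False, "registered redirect_uri must be absolute"
    return True, "exact match against the registered list"


def validate_login_redirect(next_uri):
    """Login-flow check: only a local, path-only URI is followed.

    Rejects absolute URIs, protocol-relative '//host' forms and backslash
    variants that browsers normalise to a host. Returns (accepted, reason).
    """
    parts = urlsplit(next_uri)
    if parts.scheme or parts.netloc:
        return False, "absolute or protocol-relative URI is not allowed after login"
    if not next_uri.startswith("/") or next_uri.startswith("//") or "\\" in next_uri:
        return False, "next must be a single-slash relative path"
    return True, "relative path on this host"


def django_default_allows(uri, allowed_schemes=DJANGO_DEFAULT_ALLOWED_SCHEMES):
    """Mirror of the scheme check HttpResponseRedirect performs on construction.

    An empty scheme (relative URI) always passes; any other scheme must be in
    the allow-list. Extending allowed_schemes with the registered custom
    scheme is how a provider lets an already-validated redirect through.
    """
    scheme = urlsplit(uri).scheme
    return not scheme or scheme in allowed_schemes


if __name__ == "__main__":
    for uri in ("com.example.app:/oauth2redirect", "https://evil.example/callback"):
        print("oauth2", uri, validate_oauth2_redirect(uri))
    for uri in ("/if/flow/default-authentication-flow/", "//evil.example/"):
        print("login ", uri, validate_login_redirect(uri))
    custom = DJANGO_DEFAULT_ALLOWED_SCHEMES + ("com.example.app",)
    print("django default:", django_default_allows("com.example.app:/oauth2redirect"))
    print("django extended:", django_default_allows("com.example.app:/oauth2redirect", custom))
```

The point of keeping the two validators separate is the one the thread makes: the OAuth2 path already has an authoritative list to compare against, so the only work left is making the response class accept the registered scheme, whereas the login path has no such list and must stay relative-only.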