AX-29019: Implement wildcard redirect URI support
This change introduces restricted support for wildcard matching of client redirectURIs. Using wildcards for redirectURIs introduces a security risk in production environments and should be used with caution in non-production environments only. In development environments, the use of wildcards allows for simpler management of Dex and client application deployments.

Wildcard support has been limited to the following rules, which are taken from Okta's implementation of the same feature:

- Any configured redirect URIs may contain a single * character in the lowest-level domain (for example, https://redirect-*-domain.example.com/oidc/redirect) to act as a wildcard.
- The wildcard subdomain must have at least one subdomain between it and the top level domain.
- The wildcard can match any valid hostname characters, but can’t span more than one domain. For example, if https://redirect-*-domain.example.com/oidc/redirect is configured as a redirect URI, then https://redirect-1-domain.example.com/oidc/redirect and https://redirect-sub-domain.example.com/oidc/redirect match, but https://redirect-1.sub-domain.example.com/oidc/redirect doesn’t match.
- Only the https URI scheme can use wildcard redirect URIs.
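The four rules above, written out as a matcher. This is an added example, not the code from this commit or from Dex; the names `validWildcardPattern`, `matchRedirectURI` and `wildcardFill` are hypothetical, and it assumes the wildcard must match at least one character and that everything outside the `*` is compared byte for byte.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// What "*" may stand for: hostname characters only, so never ".", "/" or "@".
// Assumption: the wildcard must match at least one character.
var wildcardFill = regexp.MustCompile(`^[A-Za-z0-9-]+$`)

// validWildcardPattern checks a configured URI: https only, exactly one "*",
// placed in the lowest-level (leftmost) host label, with at least one label
// between that label and the top-level domain.
func validWildcardPattern(pattern string) bool {
	u, err := url.Parse(pattern)
	if err != nil || u.Scheme != "https" || strings.Count(pattern, "*") != 1 {
		return false
	}
	labels := strings.Split(u.Host, ".")
	return len(labels) >= 3 && strings.Contains(labels[0], "*")
}

// matchRedirectURI reports whether candidate is allowed by a configured URI.
// A URI without "*" needs an exact match; an invalid wildcard matches nothing.
func matchRedirectURI(configured, candidate string) bool {
	if !strings.Contains(configured, "*") {
		return configured == candidate
	}
	if !validWildcardPattern(configured) {
		return false
	}
	// Text around the "*" must be identical: scheme, parent domains, path.
	p := strings.SplitN(configured, "*", 2)
	if len(candidate) < len(p[0])+len(p[1]) ||
		!strings.HasPrefix(candidate, p[0]) || !strings.HasSuffix(candidate, p[1]) {
		return false
	}
	return wildcardFill.MatchString(candidate[len(p[0]) : len(candidate)-len(p[1])])
}

func main() {
	cfg := "https://redirect-*-domain.example.com/oidc/redirect"
	for _, c := range []string{"https://redirect-1-domain.example.com/oidc/redirect", "https://redirect-1.sub-domain.example.com/oidc/redirect"} {
		fmt.Println(c, matchRedirectURI(cfg, c))
	}
}
```

Because the text substituted for `*` is limited to letters, digits and hyphens, a candidate can never add a host label, a path segment or userinfo that the configured URI does not already have.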