From ae9a2095e952af1413c3e70a75455552718e3db3 Mon Sep 17 00:00:00 2001
From: Paul Robert Lloyd <me+git@paulrobertlloyd.com>
Date: Sun, 25 Aug 2024 19:37:42 +0100
Subject: [PATCH] fix(endpoint-auth): validate client_id against local
 client.id

---
 packages/endpoint-auth/lib/middleware/code.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/endpoint-auth/lib/middleware/code.js b/packages/endpoint-auth/lib/middleware/code.js
index 2c22cb491..821daf05c 100644
--- a/packages/endpoint-auth/lib/middleware/code.js
+++ b/packages/endpoint-auth/lib/middleware/code.js
@@ -38,7 +38,7 @@ export const codeValidator = (request, response, next) => {
     }
 
     // Validate `client_id` against that provided in authorization request
-    if (getCanonicalUrl(client_id) !== getCanonicalUrl(client.url)) {
+    if (getCanonicalUrl(client_id) !== getCanonicalUrl(client.id)) {
       throw IndiekitError.unauthorized(
         response.locals.__("BadRequestError.invalidValue", "client_id"),
       );