Commit ce089244 authored by Brendan Early's avatar Brendan Early

Bug 1635344 - Allow launchWebAuthFlow redirect URI to be set to loopback address. r=robwu, a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D88738
parent e591e32a
......@@ -49,6 +49,13 @@ this.identity = class extends ExtensionAPI {
// Validate the url and retreive redirect_uri if it was provided.
let url, redirectURI;
let baseRedirectURL = this.getRedirectURL();
// Allow using loopback address for native OAuth flows as some
// providers do not accept the URL provided by getRedirectURL.
// For more context, see bug 1635344.
let loopbackURL = `http://127.0.0.1/mozoauth2/${computeHash(
extension.id
)}`;
try {
url = new URL(details.url);
} catch (e) {
......@@ -58,7 +65,10 @@ this.identity = class extends ExtensionAPI {
redirectURI = new URL(
url.searchParams.get("redirect_uri") || baseRedirectURL
);
if (!redirectURI.href.startsWith(baseRedirectURL)) {
if (
!redirectURI.href.startsWith(baseRedirectURL) &&
!redirectURI.href.startsWith(loopbackURL)
) {
return Promise.reject({ message: "redirect_uri not allowed" });
}
} catch (e) {
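Review bot: The loopback branch added to the `redirect_uri` check is a raw string-prefix test on `href`, and `loopbackURL` has no trailing delimiter, so a URI that continues the hash segment with further characters or adds sub-paths is accepted as well. If only the exact path is intended, compare parsed components instead, for example `redirectURI.origin + redirectURI.pathname === loopbackURL`, which still lets a query string through. The comment above `loopbackURL` should also state that a port is not accepted (`http://127.0.0.1:PORT/…` fails the prefix test) and that the redirect is plain `http`, so it is presumably expected to be intercepted before any request leaves the browser. The enclosing function starts and ends outside these hunks, so how the redirect is later captured cannot be confirmed from here.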
......
......@@ -353,6 +353,37 @@ add_task(async function test_auto303Redirect() {
await extension.awaitMessage("done");
await extension.unload();
});
add_task(async function test_loopbackRedirectURI() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
applications: {
gecko: {
id: "identity@mozilla.org",
},
},
permissions: ["identity"],
},
async background() {
let redirectURL = "http://127.0.0.1/mozoauth2/35b64b676900f491c00e7f618d43f7040e88422e";
let actualRedirect = await browser.identity.launchWebAuthFlow({
interactive: true,
url: `https://example.com/tests/toolkit/components/extensions/test/mochitest/oauth.html?redirect_uri=${encodeURIComponent(redirectURL)}`
}).catch(error => {
browser.test.fail(error.message)
});
browser.test.assertTrue(
actualRedirect.startsWith(redirectURL),
"Expected redirect url to be loopback address"
)
browser.test.sendMessage("done");
},
});
await extension.startup();
await extension.awaitMessage("done");
await extension.unload();
});
</script>
</body>
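Review bot: `test_loopbackRedirectURI` covers only the accepting path; the relaxed check needs a negative case too, asserting that a loopback `redirect_uri` with a different hash segment, a port, or another host is rejected with `redirect_uri not allowed`. Separately, the `.catch` handler calls `browser.test.fail` and then falls through, so on rejection `actualRedirect` is `undefined`, `actualRedirect.startsWith(...)` throws and `"done"` is never sent, leaving the test to time out. Guarding with `actualRedirect?.startsWith(redirectURL)` or returning early after the failure avoids that. A short comment saying that the hard-coded hash in `redirectURL` is presumably the `computeHash` value for the id `identity@mozilla.org` would explain why the two literals must stay in sync.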
......