providers/oauth2: use regex to check redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2799
2022-05-18 20:45:58 +02:00
parent 450a26d1b5
commit 11f7935155
3 changed files with 11 additions and 19 deletions
--- a/website/docs/releases/v2022.5.md
+++ b/website/docs/releases/v2022.5.md
@ -9,6 +9,10 @@ slug: "2022.5"

    This requires some reconfiguration on both Twitter's and authentik's side. Check out the new Twitter integration docs [here](../../integrations/sources/twitter/)

+-   OAuth Provider: Redirect URIs are now checked using regular expressions
+
+    Allowed Redirect URIs now accepts regular expressions to check redirect URIs to support wildcards. In most cases this will not change anything, however casing is also important now. Meaning if your redirect URI is "https://Foo.bar" and allowed is "https://foo.bar", authorization will not be allowed. Additionally, the special handling when _Redirect URIs/Origins_ is set to `*` has been removed. To get the same behaviour, set _Redirect URIs/Origins_ to `.+`.
+
 ## New features

 -   LDAP Outpost cached binding