curveball / a12n-server

An open source lightweight OAuth2 server
Apache License 2.0

throw error for invalid user uri #348

Closed juhangsin closed 3 years ago

juhangsin commented 3 years ago

https://github.com/curveball/a12n-server/issues/295

This handles when mailto: isn't included for type user during POST for create-user & PUT for `/user/:userId/edit` process.

evert commented 3 years ago

Validating this is a good idea, but! We actually want to support all kinds of URIs, and not just mailto:. For example, a user might sign up with a tel: instead, or their blog (using http).

Maybe this can be changed to strictly validate that the identity is an absolute URI?

juhangsin commented 3 years ago

New PR. This should check if it starts with mailto:, tel:, https:// or http://
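The two checks discussed in this thread, a prefix allow-list versus strict absolute-URI validation, compared side by side as an added TypeScript example that is not part of the PR or of a12n-server. All function names and sample identities are constructed, and the absolute-URI check is syntactic only (RFC 3986 scheme grammar).

```typescript
// Added example, not a12n-server code; all names here are hypothetical.

// RFC 3986 section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
const SCHEME_RE = /^[A-Za-z][A-Za-z0-9+.-]*:/;

// Prefix allow-list as described in the last comment of the thread.
const PREFIXES = ['mailto:', 'tel:', 'https://', 'http://'];

function hasAllowedPrefix(identity: string): boolean {
  return PREFIXES.some((p) => identity.indexOf(p) === 0);
}

// Returns null when `identity` is syntactically an absolute URI,
// otherwise a short reason suitable for a 4xx error message.
function absoluteUriProblem(identity: string): string | null {
  // Spaces and control characters are never legal in a URI.
  if (/[\u0000-\u0020\u007f]/.test(identity)) {
    return 'contains whitespace or control characters';
  }
  if (!SCHEME_RE.test(identity)) {
    return 'missing scheme (relative reference or bare address)';
  }
  // The scheme cannot contain ":", so the first colon ends it.
  if (identity.indexOf(':') === identity.length - 1) {
    return 'nothing after the scheme';
  }
  return null;
}

// Constructed sample identities, not taken from the project.
const SAMPLES = [
  'mailto:user@example.org',
  'tel:+15551234567',
  'https://blog.example.org/',
  'MAILTO:user@example.org', // schemes are case-insensitive
  'sip:user@example.org',    // absolute, but not on the prefix list
  'user@example.org',
  '/user/1',
  'mailto:',
];

function compare(): string[] {
  return SAMPLES.map((s) => {
    const problem = absoluteUriProblem(s);
    return `${s} | prefix=${hasAllowedPrefix(s)} | absolute=${problem ?? 'ok'}`;
  });
}
console.log(compare().join('\n'));
```

Because the syntactic check accepts any scheme, code that later renders a stored identity as a link still has to decide per scheme how to display it.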