OAuth2 Redirects can be saved without entering a URL

[Aoichaan0513]

Description

In the OAuth2 redirect URL setting in the application, I am able to save without entering anything in the text box that appears after pressing [Add Redirect].

On the client side, a validation check is performed and an error is returned, but on the server side, either no check is performed or the validation is passed, so when the setting is saved, the redirect_uris in the response to GET /oauth2/applications/@me will not match the type described in the documentation. Therefore, if your bot library (e.g. JDA) was created according to the documented specification, the parsing of the result will fail.

Steps to Reproduce

1. Go to https://discord.com/developers/applications/<APPLICATION ID>/oauth2.
2. Add one item to the redirect URL and save it, leaving the added text box empty.
3. On the display, the border of the text box turns red to tell you that there is an error, but you can still save the settings.

Expected Behavior

It is desirable not to be able to save the settings by pressing the [Save] button.

Current Behavior

If the validation check fails, the settings will be saved. As a result, the result returned by GET /oauth2/applications/@me will not match the documented specification, and some libraries will fail to parse.

Screenshots/Videos

Developer Portal

GET /oauth2/applications/@me response

Client and System Information

Operating System: macOS Sonoma 14.6.1 (23G93) Browser: Google Chrome (127.0.6533.120)

[JustinBeckwith]

I believe this has been fixed and rolled out. Thanks for the bug report!

[Aoichaan0513]

Thank you for your quick response! I tried it, but it still has the same problem, because it has been corrected for adding an entry from a purely empty field, but not for emptying an entry field from one that already has an item.

[JustinBeckwith]

Are you able to delete these?