Open 6543 opened 3 years ago
Hey @techknowlogick @zeripath , auto-discover-url
is being used in runAddOauth()
& runUpdateOauth()
. I was thinking of adding check for valid URL in parseOAuth2Config()
so that it could be in a single place for everybody to use, but only runAddOauth()
uses this parse method. So any suggestions regarding where the check could be placed?
source: https://github.com/go-gitea/gitea/issues/9833#issuecomment-575866022
"...some feedback on whether the URL is correct (like checking the response of the URL to see that it does return something that looks like a .well-known/openid-configuration) rather than blindly accepting the URL would be a big improvement in user experience."