Check URL on Create OpenID Connect provider

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

https://gitea.com

MIT License

43.12k stars 5.32k forks source link

Check URL on Create OpenID Connect provider #12948

Open 6543 opened 3 years ago

6543 commented 3 years ago

source: https://github.com/go-gitea/gitea/issues/9833#issuecomment-575866022

"...some feedback on whether the URL is correct (like checking the response of the URL to see that it does return something that looks like a .well-known/openid-configuration) rather than blindly accepting the URL would be a big improvement in user experience."

siddhant94 commented 3 years ago

Hey @techknowlogick @zeripath , auto-discover-url is being used in runAddOauth() & runUpdateOauth() . I was thinking of adding check for valid URL in parseOAuth2Config() so that it could be in a single place for everybody to use, but only runAddOauth() uses this parse method. So any suggestions regarding where the check could be placed?