n2ygk
commented
1 month ago Feel free to submit a small PR to add this. Make sure you include updated tests. Thanks.
Open Kanellaman opened 2 months ago
n2ygk
commented
1 month ago Feel free to submit a small PR to add this. Make sure you include updated tests. Thanks.
Problem Description
The library currently supports loopback redirect URIs with the
httpscheme for the addresses127.0.0.1and::1without specifying a port, aligning with the best practices for OAuth2 applications on native devices as per RFC8252. However, the hostnamelocalhost, which is commonly used and interchangeable with127.0.0.1in most development environments, is not explicitly supported. This can lead to slight confusion as developers are required to use IP addresses directly, which may not always be ideal, particularly in environments wherelocalhostis prevalently used.Proposed Change
I propose that we extend the validation logic to include
localhostas a recognized hostname for loopback addresses. This change would allow developers to uselocalhostin redirect URIs without having to resort to numeric IP addresses, thus enhancing usability and consistency across different development setups. Current Validation LineChange to:
Rationale
Including
localhostin the list of valid loopback addresses would enhance the developer experience and align the library with common development practices wherelocalhostis preferred over direct IP addresses. It's a minor change that could make the library more intuitive and user-friendly without compromising security or functionality, aslocalhostis effectively synonymous with127.0.0.1and::1within the context of loopback addresses.Impact
This change would be backward-compatible, broadening the validation scope to include an additional, commonly used hostname. It will benefit developers by allowing more flexibility in redirect URI configurations without negatively impacting existing implementations.