Open patrick91 opened 8 months ago
That's strictly against the OAuth spec:
redirect_uri
REQUIRED, if the "redirect_uri" parameter was included in the
authorization request as described in [Section 4.1.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1), and their
values MUST be identical.
If it's just Buffer, I'm not entirely inclined to fix it unless other stuff starts doing it too?
I was trying to setup buffer today, and their redirect uri looks something like this: https://account.buffer.com/channels/connect?connectingMastodon=true&server=serverName&followBuffer=false
Which seems to break the check in here: https://github.com/jointakahe/takahe/blob/1ceef59becff921402c03504e434793702c35f5d/api/views/oauth.py#L91-L97
Putting the full URL worked in the application object worked, so I was wondering if we should ignore query params 😊