thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License

Enable non-constant port for http://localhost redirect URLs for Native App clients #1190

Closed Nikita128 closed 3 years ago

Nikita128 commented 3 years ago

A Native App client is using the loopback interface (listens on http://localhost:) to accept an authorization code sent via redirect URL from an authorization endpoint. But the OAuth 2.0 server seems not to support random ports for localhost redirect URLs if a client is a Native App, but it's stated in the specification that the authorization server must support this feature.

The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request.

So it would be great if you would add this feature to new iterations of your product (or if it's possible to do this with some existing versions it would be great to know).

Looking forward to your response!

Nikita128 commented 3 years ago

I've noticed in your documentation that you haven't yet implemented RFC 8252. Does it mean that this feature will come with full RFC 8252 support, or is it possible to implement it somehow separately from it?

Sephster commented 3 years ago

Apologies for the delay in responding @Nikita128 - this is something we'd be happy to support. If you want to submit a PR we'd be happy to take a look at it.

I'm going to close this in favour of #1188 as it was open first. Thanks
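
One way to implement the port rule quoted in the issue, shown as an added example that is not code from oauth2-server or from anyone in this thread. `redirectUriMatches` and `LOOPBACK_HOSTS` are hypothetical names, and accepting `localhost` alongside the loopback IP literals is an assumption taken from the issue title.

```php
<?php
declare(strict_types=1);

// Assumption: 'localhost' is accepted because the issue asks for it; the
// RFC 8252 rule quoted in the issue is worded for loopback IP literals.
const LOOPBACK_HOSTS = ['127.0.0.1', '[::1]', 'localhost'];

// Hypothetical helper, not part of oauth2-server: does $requested match
// $registered, ignoring the port only for http loopback redirect URIs?
function redirectUriMatches(string $registered, string $requested): bool
{
    if ($registered === $requested) {
        return true; // exact match is always acceptable
    }
    $reg = parse_url($registered);
    $req = parse_url($requested);
    if (!is_array($reg) || !is_array($req)) {
        return false; // unparsable URI
    }
    // Port relaxation applies only to http on a loopback host, no userinfo.
    $isLoopback = static fn (array $u): bool =>
        strtolower($u['scheme'] ?? '') === 'http'
        && in_array(strtolower($u['host'] ?? ''), LOOPBACK_HOSTS, true)
        && !isset($u['user']) && !isset($u['pass']);
    if (!$isLoopback($reg) || !$isLoopback($req)) {
        return false;
    }
    // Everything except the port must still be identical.
    foreach (['host', 'path', 'query', 'fragment'] as $part) {
        if (($reg[$part] ?? '') !== ($req[$part] ?? '')) {
            return false;
        }
    }
    return true;
}

// Constructed sample pairs: [registered, requested].
$cases = [
    ['http://127.0.0.1/callback', 'http://127.0.0.1:51004/callback'],
    ['http://localhost/callback', 'http://localhost:8123/callback'],
    ['http://127.0.0.1/callback', 'http://127.0.0.1:51004/other'],
    ['http://127.0.0.1/callback', 'http://127.0.0.1.example.test/callback'],
    ['https://app.example.test/cb', 'https://app.example.test:8443/cb'],
];
foreach ($cases as [$registered, $requested]) {
    $ok = redirectUriMatches($registered, $requested);
    echo ($ok ? 'allow ' : 'deny  '), $requested, PHP_EOL;
}
```

The lookalike host and the non-loopback https URI stay on exact matching, so a changed port there is rejected.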