From b938bc7c526da6c28356eb774f74f9c3f0aee674 Mon Sep 17 00:00:00 2001 From: Kagami Sascha Rosylight Date: Wed, 14 Jun 2023 23:43:15 +0200 Subject: [PATCH] more description about client id validation --- packages/backend/src/server/oauth/OAuth2ProviderService.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index 4a07758796..c2a57adb3c 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -26,7 +26,9 @@ import { LoggerService } from '@/core/LoggerService.js'; import Logger from '@/logger.js'; import type { FastifyInstance } from 'fastify'; -// https://indieauth.spec.indieweb.org/#client-identifier +// Follows https://indieauth.spec.indieweb.org/#client-identifier +// This is also mostly similar to https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation +// although Google has stricter rule. function validateClientId(raw: string): URL { // Clients are identified by a [URL]. const url = ((): URL => {