supported custom validateRedirectUri

Francesco Stefanni · Francesco Stefanni · commit 3df52fdf2c32 · 2021-12-05T14:11:34.000+01:00
diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
@@ -160,6 +160,7 @@ AuthorizeHandler.prototype.getAuthorizationCodeLifetime = function() {
  */
 
 AuthorizeHandler.prototype.getClient = function(request) {
+  const self = this;
   const clientId = request.body.client_id || request.query.client_id;
 
   if (!clientId) {
@@ -193,7 +194,11 @@ AuthorizeHandler.prototype.getClient = function(request) {
         throw new InvalidClientError('Invalid client: missing client `redirectUri`');
       }
 
-      if (redirectUri && !client.redirectUris.includes(redirectUri)) {
+      if (redirectUri && typeof self.model.validateRedirectUri === 'function') {
+        if (self.model.validateRedirectUri(redirectUri, client.redirectUris)) {
+          throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value');
+        }
+      } else if (redirectUri && !client.redirectUris.includes(redirectUri)) {
         throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value');
       }
       return client;
