🐛 Bug Report: Pocket ID choosing incorrect redirect uri when multiple are present #100

Closed
opened 2026-02-04 17:16:11 +03:00 by OVERLORD · 3 comments

Originally created by @polds on GitHub (Jan 17, 2025).

Reproduction steps

  • Set up an OIDC client with multiple Redirect URIs - In my case this was for Synology DSM so I have `nas.mydomain`, `files.mydomain`, `drive.mydomain`, etc.
  • Attempt to log in to something like `nas.mydomain`

Expected behavior

I expected the Redirect URI of `nas.mydomain` to be used.

Actual Behavior

`files.mydomain` is being used instead, which doesn't complete the auth flow for Synology.

OVERLORD added the bug label 2026-02-04 17:16:11 +03:00

@cchance27 commented on GitHub (Jan 17, 2025):

That's odd, I'm running the dev build (the one for the one time access test) but I have 6-7 callback URLs and it seems to work for each of them fine :S


@stonith404 commented on GitHub (Jan 17, 2025):

Which redirect URL gets sent by the client?

When you sign in on the client, you are redirected to Pocket ID. The current URL should contain the client’s redirect URL. For example:

```
https://pocket.id/authorize?response_type=code&redirect_uri=https%3A%2F%2Fnextcloud.com%2Fapps%2Foidc_login%2Foidc&client_id=e2a1a282-1366-4047-bf21-ca67e8b842bd&nonce=5fa06ddc65819fa53f93ed7c309&state=27da7d0b26ec6529b8452a839&scope=openid+profile+email
```
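The check suggested in the comment above, as an added example that is not part of the thread and not Pocket ID's code: it decodes the `redirect_uri` from an authorize URL copied from the address bar and reports whether it is registered and whether it points at the host where the login started. The hosts, paths, `client_id` and the exact-string matching rule are assumptions made for the illustration.

```javascript
// Added diagnostic sketch, not Pocket ID code. Every host, path and the
// client_id below is a constructed placeholder.
const REGISTERED = [
  "https://nas.mydomain.example/callback",
  "https://files.mydomain.example/callback",
  "https://drive.mydomain.example/callback",
];

// Constructed sample: the URL seen in the address bar after clicking
// "log in" on nas.mydomain.example.
const SAMPLE =
  "https://id.mydomain.example/authorize?response_type=code" +
  "&redirect_uri=https%3A%2F%2Ffiles.mydomain.example%2Fcallback" +
  "&client_id=00000000-0000-4000-8000-000000000000" +
  "&scope=openid+profile+email";

// Classify the redirect_uri carried by an authorize URL.
// startedAt is the origin of the app where the user began the login.
// Exact string comparison against the registered list is an assumption
// here; the thread does not show how Pocket ID matches redirect URIs.
function inspectAuthorizeUrl(authorizeUrl, registered, startedAt) {
  // searchParams percent-decodes values (%3A%2F%2F becomes ://).
  const values = new URL(authorizeUrl).searchParams.getAll("redirect_uri");
  if (values.length !== 1) {
    // A missing or repeated parameter is a client bug either way.
    return { verdict: values.length ? "duplicated" : "missing", sent: null };
  }
  const sent = values[0];
  if (!registered.includes(sent)) {
    // The provider should reject this request rather than redirect.
    return { verdict: "unregistered", sent };
  }
  // Registered, so the provider will honour it. If it names a different
  // host than the one the user started on, the client chose the wrong URI.
  const sameHost = new URL(sent).origin === new URL(startedAt).origin;
  return { verdict: sameHost ? "ok" : "client-sent-other-host", sent };
}

console.log(
  inspectAuthorizeUrl(SAMPLE, REGISTERED, "https://nas.mydomain.example")
);
```

A `client-sent-other-host` verdict means the provider is honouring a valid, registered URI and the fix belongs in the client's configuration.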

@polds commented on GitHub (Jan 18, 2025):

Ah yeah, hmm. It seems Synology is the one passing the incorrect Redirect URI. I'll close this out and figure out why Synology is sending the wrong Redirect URI.


Reference: starred/pocket-id#100