🐛 Bug Report: Pocket ID choosing incorrect redirect uri when multiple are present #401

Closed
opened 2025-10-07 00:13:36 +03:00 by OVERLORD · 3 comments
Owner

Originally created by @polds on GitHub.

Reproduction steps

  • Set up an OIDC client with multiple Redirect URIs - In my case this was for Synology DSM so I have nas.mydomain, files.mydomain, drive.mydomain, etc.
  • Attempt to log in to something like nas.mydomain

Expected behavior

I expected the Redirect URI of nas.mydomain to be used.

Actual Behavior

files.mydomain is being used instead, which doesn't complete the auth flow for Synology.

OVERLORD added the bug label 2025-10-07 00:13:36 +03:00
Author
Owner

@polds commented on GitHub:

ah yeah hmm. It seems Synology is the one passing the incorrect Redirect URI. I'll close this out and figure out why Synology is sending the wrong Redirect URI.

Author
Owner

@cchance27 commented on GitHub:

That's odd, I'm running the dev build (the one for the one time access test) but I have 6-7 callback URLs and it seems to work for each of them fine :S

Author
Owner

@stonith404 commented on GitHub:

Which redirect URL gets sent by the client?

When you sign in on the client, you are redirected to Pocket ID. The current URL should contain the client’s redirect URL. For example:

https://pocket.id/authorize?response_type=code&redirect_uri=https%3A%2F%2Fnextcloud.com%2Fapps%2Foidc_login%2Foidc&client_id=e2a1a282-1366-4047-bf21-ca67e8b842bd&nonce=5fa06ddc65819fa53f93ed7c309&state=27da7d0b26ec6529b8452a839&scope=openid+profile+email
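
The check described in the comment above, as an added example that is not part of the original thread or Pocket ID's code: it pulls `redirect_uri` out of an authorization URL and compares it with the client's registered URIs and with the host the login started on. The registered list, callback paths, client ID placeholder and the `inspect_authorize_url` helper are constructed for illustration, and exact-string matching is an assumption taken from OIDC Core rather than from Pocket ID's implementation.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample data: hostnames follow the report, paths and client_id are placeholders.
REGISTERED = [
    "https://nas.mydomain.example/callback",
    "https://files.mydomain.example/callback",
    "https://drive.mydomain.example/callback",
]
SAMPLE_URL = "https://pocket.id/authorize?" + urlencode({
    "response_type": "code",
    "redirect_uri": "https://files.mydomain.example/callback",
    "client_id": "CLIENT_ID_PLACEHOLDER",
    "scope": "openid profile email",
})


def inspect_authorize_url(url, registered_uris, started_from_host):
    """Return what the client asked for and why the flow may not complete."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    sent = params.get("redirect_uri", [])
    report = {"client_id": params.get("client_id", [None])[0],
              "redirect_uri": None, "registered": False, "findings": []}
    if len(sent) != 1:
        # Missing or repeated parameter: nothing unambiguous to compare.
        report["findings"].append(f"expected one redirect_uri, got {len(sent)}")
        return report
    uri = sent[0]
    report["redirect_uri"] = uri
    # Exact string comparison, as OIDC Core 3.1.2.1 specifies (assumed here).
    report["registered"] = uri in registered_uris
    if not report["registered"]:
        report["findings"].append("redirect_uri is not registered for this client")
    host = urlsplit(uri).hostname
    if host != started_from_host.lower():
        # Registered or not, the code would be returned to a different host.
        report["findings"].append(
            f"client sent {host}, but login started on {started_from_host}")
    return report


if __name__ == "__main__":
    print(inspect_authorize_url(SAMPLE_URL, REGISTERED, "nas.mydomain.example"))
```

A registered URI that still produces a host-mismatch finding points at the client's configuration rather than at the identity provider.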

Reference: starred/pocket-id#401