vikunja/pkg/modules/auth
Tink bot aa1956e1aa fix(oauth2server): accept all loopback redirect forms
Hardcoding the three exact strings localhost / 127.0.0.1 / ::1 rejected
legitimate loopback redirects like 127.0.0.2:1234 (anywhere in 127.0.0.0/8)
or [0:0:0:0:0:0:0:1]:1234 (expanded IPv6 loopback). Use net.IP.IsLoopback()
to cover the full loopback ranges, and match "localhost" case-insensitively.
0.0.0.0 stays rejected as it is not a loopback address.

https://claude.ai/code/session_01LsTDrCJ7trE6WQ4FYf78UB
2026-05-07 22:03:49 +00:00
..
ldap fix(auth): skip profile updates for disabled LDAP users 2026-03-23 16:37:26 +00:00
oauth2server fix(oauth2server): accept all loopback redirect forms 2026-05-07 22:03:49 +00:00
openid fix(auth): tolerate string booleans in oidc provider config (#2599) 2026-04-11 19:10:26 +00:00
auth.go feat(auth): include is_admin in JWT claims 2026-04-20 18:55:06 +00:00