vikunja/pkg/modules/auth/oauth2server
Tink bot aa1956e1aa fix(oauth2server): accept all loopback redirect forms
Hardcoding the three exact strings localhost / 127.0.0.1 / ::1 rejected
legitimate loopback redirects like 127.0.0.2:1234 (anywhere in 127.0.0.0/8)
or [0:0:0:0:0:0:0:1]:1234 (expanded IPv6 loopback). Use net.IP.IsLoopback()
to cover the full loopback ranges, and match "localhost" case-insensitively.
0.0.0.0 stays rejected as it is not a loopback address.

https://claude.ai/code/session_01LsTDrCJ7trE6WQ4FYf78UB
2026-05-07 22:03:49 +00:00
..
authorize.go feat: add OAuth 2.0 authorize endpoint 2026-03-27 23:05:04 +00:00
client.go fix(oauth2server): accept all loopback redirect forms 2026-05-07 22:03:49 +00:00
client_test.go fix(oauth2server): accept all loopback redirect forms 2026-05-07 22:03:49 +00:00
pkce.go feat: add OAuth client validation and PKCE verification 2026-03-27 23:05:04 +00:00
pkce_test.go test: add tests for OAuth 2.0 authorization flow 2026-03-27 23:05:04 +00:00
token.go feat: add OAuth 2.0 token endpoint 2026-03-27 23:05:04 +00:00