vikunja/pkg/modules/auth
Tink bot c6bda7a2dd feat(oauth2server): accept loopback redirect URIs
Previously the OAuth server rejected every redirect_uri that did not start
with a vikunja- custom scheme. Native apps that cannot register a custom
scheme (e.g. CLIs, desktop tools) need loopback redirects per RFC 8252, so
also allow http://localhost, http://127.0.0.1 and http://[::1] (any port).
Non-loopback http:// and https:// targets remain rejected.

https://claude.ai/code/session_01LsTDrCJ7trE6WQ4FYf78UB
2026-05-07 22:03:49 +00:00
..
ldap fix(auth): skip profile updates for disabled LDAP users 2026-03-23 16:37:26 +00:00
oauth2server feat(oauth2server): accept loopback redirect URIs 2026-05-07 22:03:49 +00:00
openid fix(auth): tolerate string booleans in oidc provider config (#2599) 2026-04-11 19:10:26 +00:00
auth.go feat(auth): include is_admin in JWT claims 2026-04-20 18:55:06 +00:00