vikunja/pkg/modules/auth/oauth2server
Tink bot c6bda7a2dd feat(oauth2server): accept loopback redirect URIs
Previously the OAuth server rejected every redirect_uri that did not start
with a vikunja- custom scheme. Native apps that cannot register a custom
scheme (e.g. CLIs, desktop tools) need loopback redirects per RFC 8252, so
also allow http://localhost, http://127.0.0.1 and http://[::1] (any port).
Non-loopback http:// and https:// targets remain rejected.

https://claude.ai/code/session_01LsTDrCJ7trE6WQ4FYf78UB
2026-05-07 22:03:49 +00:00
..
authorize.go feat: add OAuth 2.0 authorize endpoint 2026-03-27 23:05:04 +00:00
client.go feat(oauth2server): accept loopback redirect URIs 2026-05-07 22:03:49 +00:00
client_test.go feat(oauth2server): accept loopback redirect URIs 2026-05-07 22:03:49 +00:00
pkce.go feat: add OAuth client validation and PKCE verification 2026-03-27 23:05:04 +00:00
pkce_test.go test: add tests for OAuth 2.0 authorization flow 2026-03-27 23:05:04 +00:00
token.go feat: add OAuth 2.0 token endpoint 2026-03-27 23:05:04 +00:00