Previously the OAuth server rejected every redirect_uri that did not start with a vikunja- custom scheme. Native apps that cannot register a custom scheme (e.g. CLIs, desktop tools) need loopback redirects per RFC 8252, so also allow http://localhost, http://127.0.0.1 and http://[::1] (any port). Non-loopback http:// and https:// targets remain rejected. https://claude.ai/code/session_01LsTDrCJ7trE6WQ4FYf78UB |
||
|---|---|---|
| .. | ||
| authorize.go | ||
| client.go | ||
| client_test.go | ||
| pkce.go | ||
| pkce_test.go | ||
| token.go | ||