fix(toolkit): support plus and hyphen in mobile uri scheme (#4434)

packages/console/src/pages/ApplicationDetails/components/Settings.tsx

@@ -1,5 +1,6 @@
+import { validateRedirectUrl } from '@logto/core-kit';
 import type { Application } from '@logto/schemas';
-import { ApplicationType, validateRedirectUrl } from '@logto/schemas';
+import { ApplicationType } from '@logto/schemas';
 import { useContext } from 'react';
 import { Controller, useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';

packages/schemas/src/foundations/jsonb-types.ts

@@ -1,4 +1,9 @@
-import { type PasswordPolicy, hexColorRegEx, passwordPolicyGuard } from '@logto/core-kit';
+import {
+  type PasswordPolicy,
+  hexColorRegEx,
+  passwordPolicyGuard,
+  validateRedirectUrl,
+} from '@logto/core-kit';
 import { languageTagGuard } from '@logto/language-kit';
 import { type DeepPartial } from '@silverhand/essentials';
 import type { Json } from '@withtyped/server';
@@ -37,22 +42,6 @@ export const oidcModelInstancePayloadGuard = z
 
 export type OidcModelInstancePayload = z.infer<typeof oidcModelInstancePayloadGuard>;
 
-// Import from @logto/core-kit later, pending for new version publish
-export const webRedirectUriProtocolRegEx = /^https?:$/;
-export const mobileUriSchemeProtocolRegEx = /^[a-z][\d_a-z]*(\.[\d_a-z]+)+:$/;
-
-export const validateRedirectUrl = (urlString: string, type: 'web' | 'mobile') => {
-  try {
-    const { protocol } = new URL(urlString);
-    const protocolRegEx =
-      type === 'mobile' ? mobileUriSchemeProtocolRegEx : webRedirectUriProtocolRegEx;
-
-    return protocolRegEx.test(protocol);
-  } catch {
-    return false;
-  }
-};
-
 export const oidcClientMetadataGuard = z.object({
   redirectUris: z
     .string()

packages/toolkit/core-kit/src/regex.ts

@@ -3,7 +3,7 @@ export const phoneRegEx = /^\d+$/;
 export const phoneInputRegEx = /^\+?[\d-( )]+$/;
 export const usernameRegEx = /^[A-Z_a-z]\w*$/;
 export const webRedirectUriProtocolRegEx = /^https?:$/;
-export const mobileUriSchemeProtocolRegEx = /^[a-z][\d_a-z]*(\.[\d_a-z]+)+:$/;
+export const mobileUriSchemeProtocolRegEx = /^[a-z][\d+_a-z-]*(\.[\d+_a-z-]+)+:$/;
 export const hexColorRegEx = /^#[\da-f]{3}([\da-f]{3})?$/i;
 export const dateRegex = /^\d{4}(-\d{2}){2}/;
 export const noSpaceRegEx = /^\S+$/;

packages/toolkit/core-kit/src/utils/url.test.ts

@@ -9,6 +9,8 @@ describe('url utilities', () => {
     expect(validateRedirectUrl('io.logto://my-app/callback', 'mobile')).toBeTruthy();
     expect(validateRedirectUrl('com.company://myDemoApp/callback', 'mobile')).toBeTruthy();
     expect(validateRedirectUrl('com.company://demo:1234', 'mobile')).toBeTruthy();
+    expect(validateRedirectUrl('io.logto.SwiftUI-Demo://callback', 'mobile')).toBeTruthy();
+    expect(validateRedirectUrl('io.logto.SwiftUI+Demo://callback', 'mobile')).toBeTruthy();
   });
 
   it('should detect invalid redirect URIs', () => {