mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/.changeset/nervous-apes-suffer.md
Gao Sun 239b81e31a
refactor: loose redirect uri restrictions (#6846)
* refactor: loose redirect uri restrictions

* refactor: fix types and add tests

* chore: add changeset
2024-12-04 15:37:16 +08:00
---
"@logto/integration-tests": patch
"@logto/core-kit": patch
"@logto/console": patch
"@logto/phrases": patch
"@logto/core": patch
---

loose redirect uri restrictions

Logto has been following the industry best practices for OAuth 2.0 and OIDC from the start. However, in the real world there are things we cannot control, such as third-party services or operating systems like Windows.

This update relaxes restrictions on redirect URIs to allow the following:

  1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like https://example.com.
  2. Native schemes without a period (.). For example, myapp://callback is now allowed.

When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
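The rules above, modelled as a small redirect URI check. This is an added example, not Logto's own code or the Console's actual warning logic: it classifies each registered URI as HTTP, HTTPS or native, emits a warning when an application mixes native and HTTP(S) URIs or uses a native scheme without a period, and (as a standard OAuth defensive check, assumed here rather than taken from the page) compares a requested `redirect_uri` against the registered list by exact string match. Function names, the warning texts and the sample URIs are constructed for the example.

```typescript
// Added example (not Logto code): redirect URI classification and warnings
// that mirror the relaxed rules described in the changeset.

type UriKind = 'http' | 'https' | 'native';

// Parse the URI and bucket it by scheme. Anything that is not http/https is
// treated as a native (custom) scheme, e.g. myapp:// or com.example.app://.
function classifyRedirectUri(uri: string): UriKind {
  let parsed: URL;
  try {
    parsed = new URL(uri);
  } catch {
    throw new Error(`invalid redirect URI: ${uri}`);
  }
  const scheme = parsed.protocol.replace(/:$/, '').toLowerCase();
  if (scheme === 'http') return 'http';
  if (scheme === 'https') return 'https';
  return 'native';
}

// Reverse-domain native schemes (com.example.app) contain a period; a scheme
// such as myapp does not. Both are now accepted, the latter with a warning.
function nativeSchemeHasPeriod(uri: string): boolean {
  const scheme = new URL(uri).protocol.replace(/:$/, '');
  return scheme.includes('.');
}

// Produce the warnings a console would surface for a registered URI list.
function checkRedirectUris(uris: string[]): string[] {
  const warnings: string[] = [];
  const kinds = new Set(uris.map(classifyRedirectUri));

  const hasNative = kinds.has('native');
  const hasWeb = kinds.has('http') || kinds.has('https');
  if (hasNative && hasWeb) {
    warnings.push('Mixed native and HTTP(S) redirect URIs are configured.');
  }

  for (const uri of uris) {
    if (classifyRedirectUri(uri) === 'native' && !nativeSchemeHasPeriod(uri)) {
      warnings.push(`Native scheme without a period: ${uri}`);
    }
  }
  return warnings;
}

// Exact-match comparison of a requested redirect_uri against the registered
// list. Relaxing which URIs may be registered does not relax how a request is
// matched: no prefix, wildcard or normalised matching is performed here.
function isAllowedRedirectUri(requested: string, registered: string[]): boolean {
  return registered.includes(requested);
}

// Constructed sample configuration: a native app that also registers a web URI.
const sampleUris = ['myapp://callback', 'https://example.com'];
for (const warning of checkRedirectUris(sampleUris)) {
  console.log(`warning: ${warning}`);
}
```

The classification relies on the WHATWG `URL` parser, which accepts non-special schemes such as `myapp://callback`; an unparseable string is rejected outright rather than silently treated as native.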

We hope this change will make it easier for you to integrate Logto with your applications.