Check only for the base URL and path. HEAD main

To allow the client to pass flags to the redirect_uri that the authorisation server has no interest in, check that only the "base" url (protocol, hostname/netlog and path) are registered, ignoring any query and fragment parameters.
author: Frederick Muriuki Muriithi 2026-02-10 14:54:37 -0600
committer: Frederick Muriuki Muriithi 2026-02-10 14:54:37 -0600
commit: 77b03164f7ee838e76ec6b565e5cda03f0571bfc (patch)
tree: 37f88b3d9114ab8bda6480c37e552e4ce6e0f3dd /gn_auth
parent: c621d7800fb5f6f2ad5588982fc609faa7dff34b (diff)
download: gn-auth-77b03164f7ee838e76ec6b565e5cda03f0571bfc.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/gn_auth/auth/authentication/oauth2/models/oauth2client.py b/gn_auth/auth/authentication/oauth2/models/oauth2client.py
index 1639e2e..fe12ff9 100644
--- a/gn_auth/auth/authentication/oauth2/models/oauth2client.py
+++ b/gn_auth/auth/authentication/oauth2/models/oauth2client.py
@@ -2,6 +2,7 @@
 import json
 import datetime
 from uuid import UUID
+from urllib.parse import urlparse
 from functools import cached_property
 from dataclasses import asdict, dataclass
 from typing import Any, Sequence, Optional
@@ -135,7 +136,9 @@ class OAuth2Client(ClientMixin):
         """
         Check whether the given `redirect_uri` is one of the expected ones.
         """
-        return redirect_uri in self.redirect_uris
+        uri = urlparse(redirect_uri)._replace(
+            query="")._replace(fragment="").geturl()
+        return uri in self.redirect_uris
 
     @cached_property
     def response_types(self) -> Sequence[str]:
author	Frederick Muriuki Muriithi	2026-02-10 14:54:37 -0600
committer	Frederick Muriuki Muriithi	2026-02-10 14:54:37 -0600
commit	77b03164f7ee838e76ec6b565e5cda03f0571bfc (patch)
tree	37f88b3d9114ab8bda6480c37e552e4ce6e0f3dd /gn_auth
parent	c621d7800fb5f6f2ad5588982fc609faa7dff34b (diff)
download	gn-auth-77b03164f7ee838e76ec6b565e5cda03f0571bfc.tar.gz