allow any redirect_uri if the app isn't approved

2021-04-01 18:04:45 +02:00 · 2021-04-01 18:04:45 +02:00 · 085dec069b
parent 03976ea1c2
commit 085dec069b
1 changed files with 2 additions and 1 deletions
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@ -78,8 +78,9 @@ def authorize():

    # check if redirect_uri is valid
    # allow localhost by default
+    # allow any redirect_uri if the app isn't approved
    hostname, scheme = get_host_name_and_scheme(redirect_uri)
-    if hostname != "localhost" and hostname != "127.0.0.1":
+    if hostname != "localhost" and hostname != "127.0.0.1" and client.approved:
        # support custom scheme for mobile app
        if scheme == "http":
            final_redirect_uri = f"{redirect_uri}?error=http_not_allowed"