OIDC: only pass logo_uri, policy_uri, tos_uri if they conform to "common base" (#4748)

* OIDC: only pass logo_uri, policy_uri, tos_uri if they conform to "common base" Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-07-30 04:23:07 +03:00 · 2025-03-13 14:47:09 +00:00
parent 9f9be701e7
commit b14cc82682
2 changed files with 41 additions and 6 deletions
--- a/spec/unit/oidc/register.spec.ts
+++ b/spec/unit/oidc/register.spec.ts
@ -29,8 +29,8 @@ describe("registerOidcClient()", () => {
        redirectUris: [baseUrl],
        clientName,
        applicationType: "web",
-        tosUri: "http://tos-uri",
-        policyUri: "http://policy-uri",
+        tosUri: "https://just.testing/tos",
+        policyUri: "https://policy.just.testing",
        contacts: ["admin@example.com"],
    };
    const dynamicClientId = "xyz789";
@ -67,6 +67,8 @@ describe("registerOidcClient()", () => {
                id_token_signed_response_alg: "RS256",
                token_endpoint_auth_method: "none",
                application_type: "web",
+                tos_uri: "https://just.testing/tos",
+                policy_uri: "https://policy.just.testing",
            }),
        );
    });
@ -114,4 +116,24 @@ describe("registerOidcClient()", () => {
            ),
        ).rejects.toThrow(OidcError.DynamicRegistrationNotSupported);
    });
+
+    it("should filter out invalid URIs", async () => {
+        fetchMockJest.post(delegatedAuthConfig.registration_endpoint!, {
+            status: 200,
+            body: JSON.stringify({ client_id: dynamicClientId }),
+        });
+        expect(
+            await registerOidcClient(delegatedAuthConfig, {
+                ...metadata,
+                tosUri: "http://just.testing/tos",
+                policyUri: "https://policy-uri/",
+            }),
+        ).toEqual(dynamicClientId);
+        expect(JSON.parse(fetchMockJest.mock.calls[0][1]!.body as string)).not.toEqual(
+            expect.objectContaining({
+                tos_uri: "http://just.testing/tos",
+                policy_uri: "https://policy-uri/",
+            }),
+        );
+    });
 });