Wildcard support for doorkeeper redirect URIs

Question

I have a Ruby on Rails application using Oauth 2.0 implemented using the doorkeeper gem (1.3.0).

I am trying to set up a wildcard redirect uri (e.g., http://*.mydomain.com/redirected). However, this doesn't seem to be possible. In the doorkeeper-mounted route /oauth/applications, if I type in a wildcard url it says Must be a valid uri.

Is there a configuration or way to patch doorkeeper in order to get this functionality? I need the * wildcard to pass validation during the registration of a new application and also need it to work at the client authorization endpoint.

Answer 1

It looks like support for wildcard Redirect URIs was removed in Doorkeeper 2.1.1.

You can see some reasoning in this commit: https://github.com/doorkeeper-gem/doorkeeper/commit/fd57c475f4fb954faa62d7973d6c8382b5b6401f

And some further discussion here: https://github.com/doorkeeper-gem/doorkeeper/pull/437

Answer 2

I came across this too, thought about it for a while then checked the specification. This would be a direct violation of the specification of Oauth.

3.1.2. Redirection Endpoint

After completing its interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client. The authorization server redirects the user-agent to the client's redirection endpoint previously established with the authorization server during the client registration process or when making the authorization request.

The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters. The endpoint URI MUST NOT include a fragment component.

Source