DeforaNetworks/corteza
DeforaNetworks/corteza
3
0
Fork 0
Code

Remove RedirectURI provisioning for def. client

Browse Source 
This caused too much confusion on simple setup.
For sites that need more secure setup, this can be filled-in at the
later point
This commit is contained in:
Denis Arh 2021-04-13 13:42:06 +02:00
parent 315596c603
commit dca7a7fde2
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/provision/provision.go
View File

@ -2,7 +2,6 @@ package provision
import (
"context"
"fmt"
"github.com/cortezaproject/corteza-server/pkg/errors"
"github.com/cortezaproject/corteza-server/pkg/id"
"github.com/cortezaproject/corteza-server/pkg/options"
@ -11,7 +10,6 @@ import (
"github.com/cortezaproject/corteza-server/system/service"
"github.com/cortezaproject/corteza-server/system/types"
"go.uber.org/zap"
url "net/url"
"time"
)
@ -58,9 +56,12 @@ func defaultAuthClient(ctx context.Context, log *zap.Logger, s store.AuthClients
},
ValidGrant: "authorization_code",
RedirectURI: func() string {
baseURL, _ := url.Parse(authOpt.BaseURL)
return fmt.Sprintf("%s://%s", baseURL.Scheme, baseURL.Hostname())
// Disabling protection by redirection URL for now, it caused too much confusion on simple setups
//baseURL, _ := url.Parse(authOpt.BaseURL)
//return fmt.Sprintf("%s://%s", baseURL.Scheme, baseURL.Hostname())
return ""
}(),
Secret: string(rand.Bytes(64)),
Scope: "profile api",
Enabled: true,