20576804091
69%

Ran 29 Dec 2025 03:55PM UTC

Jobs 1

Files 171

Run time 1min

Badge

Embed ▾

Committed 29 Dec 2025 03:47PM UTC coverage: 68.783% (+0.001%) from 68.782%

Build # 20576804091

Build Type

push

github

Committed by

web-flow

Commit Message

fix(oauth-server): allow custom URI schemes in client redirect URIs (#2298)

## Problem

Fixes #2285

The OAuth 2.0 Client Registration endpoin was incorrectly rejecting
custom URI schemes like `cursor://`, or `myapp://`, blocking native
application integrations.

## Root Cause
The validation logic in `validateRedirectURI()` was overly restrictive,
only allowing HTTPS or HTTP (localhost). This contradicted with **RFC
8252** (OAuth 2.0 for Native Apps) - recommends custom URI schemes

## Solution

Relaxed redirect URI validation

### New Validation Rules
  - **HTTPS** - always allowed
- **Custom URI schemes** - allowed for native apps (`cursor://`,
`myapp://`, `vscode://`, etc.)
- **HTTP** - only for localhost/loopback (`localhost`, `127.0.0.1`,
`::1`)
  - **Fragments** - still rejected per spec

Run Details

6 of 6 new or added lines in 1 file covered. (100.0%)

14743 of 21434 relevant lines covered (68.78%)

79.23 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	20576804091.1	29 Dec 2025 03:55PM UTC	171	68.78	GitHub Action Run

supabase / auth / 20576804091
69%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 20576804091

supabase / auth / 20576804091 69%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 20576804091

supabase / auth / 20576804091
69%

README BADGES
x