• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

supabase / auth
68%
master: 68%

Build:
Build:
LAST BUILD BRANCH: hf/openid-configuration
DEFAULT BRANCH: master
Repo Added 27 Mar 2024 06:02AM UTC
Token 4bwRC3LZFPF44ZxCFKL8wNnCqKD2BNicB regen
Build 1189 Last
Files 166
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH hf/redirect-url-fragment
branch: hf/redirect-url-fragment
CHANGE BRANCH
x
Reset
Sync Branches
  • hf/redirect-url-fragment
  • add-max-length-check-for-email
  • add-phone-number-in-sms-webhook
  • bewinxed/webauthn-persist-latest-attestation
  • bewinxed/webauthn-support
  • bo/docs/readme-code-syntax
  • bugfix/bootstrapping
  • cemal/add-checksums-to-release-notes
  • cemal/audit-log-stdout
  • cemal/audit-logs-prevent-only-writing-postgres
  • cemal/ci-fix-yaml-syntax-error
  • cemal/enhance-record-login-calls
  • cemal/facebook-limited-login-support
  • cemal/feat-add-oauth-authorize-endpoint
  • cemal/feat-add-oauth-client-type
  • cemal/feat-add-oauth-token-endpoint
  • cemal/feat-add-regenerate-client-secret
  • cemal/feat-add-well-known-oauth-auth-server
  • cemal/feat-enhance-url-check-issuer
  • cemal/feat-facebook-limited-login-skip-nonce-check
  • cemal/feat-oauth2-return-redirect-url
  • cemal/feat-redirect-url-v2
  • cemal/feat-remove-client-id-column-oauth-clients
  • cemal/feat-support-multiple-aud
  • cemal/feat-update-docker-compose-dev
  • cemal/feat-update-openapi
  • cemal/fix-add-missing-param
  • cemal/fix-info-log-on-http-server-close
  • cemal/fix-makefile
  • cemal/fix-oauth2-referer-check
  • cemal/fix-provider-info-signup-audit
  • cemal/oauth-provider-client
  • cemal/refactor-token-service
  • chore-fix-link-to-netlify-gotrue
  • chore/harden-runners
  • chore/testing
  • chore/update-workflow-check-commits
  • cleanup-ci
  • cs/api-db-access
  • cs/api-errorcodes-refactor
  • cs/auth-sso-resource-id-support
  • cs/background-template-reloading
  • cs/background-template-reloading-p2
  • cs/background-template-reloading-p3
  • cs/bug-fix-send-email-hook
  • cs/chore-apitask-tests
  • cs/chore-gosec-fixes
  • cs/conf-coverage
  • cs/e2e
  • cs/feat-add-after-user-created-hook
  • cs/feat-background-workers
  • cs/feat-config-reloader
  • cs/feat-config-reloads-poller
  • cs/feat-email-and-sms-rate-limiting
  • cs/feat-mailer-cleanup-p1
  • cs/feat-mailer-logging
  • cs/feat-makefile-qol
  • cs/feat-percentage-based-db-conn-limits
  • cs/feat-rate-limiter-persistence
  • cs/feat-validate-email-address
  • cs/fix-rate-limit-zero-value-test
  • cs/fix-respect-rate-limit-zero
  • cs/hooks-content-negotiation-fix
  • cs/hooks-p1
  • cs/hooks-p2
  • cs/hooks-p3
  • cs/hooks-p4
  • cs/hooks-pr5-opt1
  • cs/hooks-pr5-opt2
  • cs/hooks-refactor-apierrors
  • cs/hooks-test-coverage
  • cs/invite-fix
  • cs/mailer-refactor-p1
  • cs/master-fix-missing-error-propagation
  • cs/maxconn-fix-1
  • cs/rate-limit-otp-clarity
  • cs/rate-limit-refactor
  • cs/reduce-artifact-sizes
  • cs/reload-coverage
  • cs/reloader-allow-invalid-config-dir
  • cs/revert-1974
  • cs/update-godotenv
  • cs/v1hooks
  • dependabot/go_modules/github.com/getkin/kin-openapi-0.131.0
  • dependabot/go_modules/github.com/go-chi/chi/v5-5.2.2
  • dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.4
  • dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1
  • dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.2
  • dependabot/go_modules/github.com/golang-jwt/jwt/v5-5.2.2
  • dependabot/go_modules/github.com/rs/cors-1.11.0
  • dependabot/go_modules/golang.org/x/crypto-0.31.0
  • dependabot/go_modules/golang.org/x/net-0.23.0
  • dependabot/go_modules/golang.org/x/net-0.36.0
  • dependabot/go_modules/golang.org/x/net-0.38.0
  • dependabot/go_modules/golang.org/x/oauth2-0.27.0
  • development
  • docs-anon-login-configs
  • docs/documentation-cleanup
  • docs/remove-unused-env-var
  • esinx-naver-provider
  • feat-slack-oauth-v2
  • feat/min-jwt
  • feat/mx-blocklist
  • feat/solana-ledger
  • feat_docker_compose_and_go
  • feature/snapchat-oauth
  • figma-auth
  • fix--oauth-redirect-parsing
  • fix-binary-name
  • fix-contributing-md
  • fix-magiclink-requiredchars
  • fix/update-sanitize-signup
  • fix_contributing_typo
  • hf/aao-in-send-email
  • hf/add-audit-log-disable-postgres
  • hf/add-authorized-email-addresses
  • hf/add-azure-ciam
  • hf/add-exhaustive
  • hf/add-magic-link-disable-toggle
  • hf/add-max-idle-time
  • hf/add-one-time-tokens
  • hf/add-support-for-argon2
  • hf/adjust-required-claims-in-auth-hooks
  • hf/artifact-bucket
  • hf/azure-overage-include-api-version
  • hf/bump-saml-0-5-1
  • hf/captcha-parsing-fix
  • hf/change-s3-role
  • hf/chore-fix-gha-perms
  • hf/chore-release-as-2-165-2
  • hf/ci-alpine-3
  • hf/ci-dogofooding-checks-on-release
  • hf/ci-fast-release-tarball
  • hf/ci-fix-binary-version-docker
  • hf/ci-fix-coverage-metering
  • hf/ci-fix-dogfooding
  • hf/ci-fix-dogfooding-take-2
  • hf/cover-crypto-100
  • hf/db-advisor
  • hf/email-less-accounts-with-oauth
  • hf/email-rate-limiting-new-config
  • hf/encrypt-sensitive-columns
  • hf/encrypted-password-pointer
  • hf/experimental-provider-linking-domains
  • hf/external-host-validation
  • hf/fail-empty-address
  • hf/fallback-to-jwt-secret-if-unknown-kid
  • hf/feat-bump-new-version
  • hf/feat-embedded-migrations
  • hf/fix-apple-oidc-issuer-change
  • hf/fix-argon2
  • hf/fix-authenticate-empty-string
  • hf/fix-azure-large-groups
  • hf/fix-claim-overages-json-azure
  • hf/fix-coveralls-image
  • hf/fix-custom-sms-twilio-verify
  • hf/fix-expose-x-supabase-api-version-header-in-cors
  • hf/fix-gosec-siwe
  • hf/fix-id-token-permission
  • hf/fix-idempotent-logout
  • hf/fix-identity-email-verified
  • hf/fix-local-dockerfile
  • hf/fix-mail-headers
  • hf/fix-mfa-config-backward-compatibility
  • hf/fix-new-oidc-provider-apple
  • hf/fix-redirect-ip-address
  • hf/fix-secret-api-key-ignore-aud-claim
  • hf/fix-solana-localhost
  • hf/fix-strip-version
  • hf/fix-supafast
  • hf/fix-timeout-writer
  • hf/fix-write-header
  • hf/fix-write-header-deadlock
  • hf/gomft
  • hf/hook-log
  • hf/inline-mailme
  • hf/limit-low-aal-sessions
  • hf/link-identity-oidc
  • hf/log-json-error-response
  • hf/mail-headers
  • hf/merge-metadata
  • hf/move-email-sms-send-out-of-update-user-transaction
  • hf/openid-configuration
  • hf/phase-ii-ott
  • hf/remove-data-migrations
  • hf/revert-azure-claim-overages
  • hf/saml-array-values
  • hf/saml-encrypted-assertions
  • hf/saml-specific-external-url
  • hf/separate-web3-rate-limits-from-other-token
  • hf/skip-apple-issuer-check-oidc
  • hf/snap
  • hf/split-words-audit-log
  • hf/supafast-tarball
  • hf/support-apple-transfer-sub
  • hf/test-release
  • hf/try-to-run-release-please-again
  • hf/ubuntu-latest
  • hf/upload-artifacts-to-s3
  • hf/use-redirect-url
  • hf/vercel-global-user-id
  • hf/x-sb-error-code
  • iat/align-notifications-defaults
  • iat/auth-840-phone-number-changed-notification
  • iat/auth-841-identity-linked-notifications
  • iat/auth-842-email-send-hooks-for-notifications
  • iat/email-changed-notification
  • iat/mfa-enrollment-notifications
  • iat/password-changed-notification
  • j0/accurately_affect_max_frequency_limit
  • j0/add_additional_info_around_mime_type_error
  • j0/add_context_to_load_factor
  • j0/add_custom_email_sender_hook
  • j0/add_has_factor_claim
  • j0/add_hook_trigger_logic
  • j0/add_last_challenged_at
  • j0/add_mfa_phone_openapi_spec
  • j0/add_mfa_sms
  • j0/add_scrypt_password_hash
  • j0/add_timeout_middleware
  • j0/add_token_for_non_secure_email_change
  • j0/add_twilio_verify_support_for_mfa_phone
  • j0/add_webauthn
  • j0/add_webauthn_config
  • j0/adjust_mfa_status_codes
  • j0/allow_kong_and_edge_functions
  • j0/allow_only_one_phone_factor
  • j0/allow_postgres_and_http_on_extensibility_point
  • j0/backport_auth_namespace_to_enums
  • j0/change_mfa_error_code
  • j0/check_for_phone_identity_on_phone_chang
  • j0/custom_email_hook
  • j0/deprecate_mfa_enabled_config
  • j0/drop_uniqueness_constraint_on_mfa_phone
  • j0/fido2_authenticator_challenge_verify_model
  • j0/fix_email_change_with_phone_auth
  • j0/fix_migration_idempotent_phone_cnfig
  • j0/fix_rc_duplicate_identifier
  • j0/fixes_while_testing
  • j0/forbid_access_token_issuance_without_session
  • j0/hide_hook_name
  • j0/merge_aal_and_amr_update
  • j0/mfa_refactor_load_factor
  • j0/minor_speling_error
  • j0/move_totp_mfa_to_dedicated_fn
  • j0/move_verification_into_mailer_package
  • j0/patch_secure_email_change
  • j0/phone_mfa_refactors
  • j0/prevent_panic_on_email_change
  • j0/publish_to_ghcr
  • j0/refactor_generate_access_token
  • j0/refactor_generate_access_token_to_accept_request
  • j0/remove_deprecated_code
  • j0/remove_find_factors_by_user
  • j0/remove_find_session_by_id
  • j0/remove_set_cookie_tokens
  • j0/remove_totp_field_for_phone_response
  • j0/rename_to_send_sms
  • j0/require_appropriate_aal_for_pw_update
  • j0/return_factor_type_in_challenge
  • j0/send_over_user_in_send_sms_hook
  • j0/update_auth_functions
  • j0/update_error_code_id_token
  • j0/update_hook_schema
  • j0/update_mfa_error_message
  • j0/update_openapi_schema
  • j0/update_openapi_spec
  • j0/update_phone_admin_methods
  • j0/upgrade-contrib-docs
  • j0/upgrade_go_version
  • j0/upgrade_otel_deps
  • j0/validate_send_email
  • j0/webauthn_fixes
  • janek/signup-identities-email-verified
  • km/add-error-codes
  • km/add-error-codes-password-login
  • km/add-ip-based-limits
  • km/add-saml-tests
  • km/alter-auth-uid
  • km/bump-alpine-go
  • km/check-empty-aud
  • km/chore-remove-unused-hook-outputs
  • km/cleanup-anonymous-users
  • km/feat-asymmetric-jwt-support
  • km/fix-admin-update-user
  • km/fix-amr-mfa
  • km/fix-anonymous-user-linking
  • km/fix-attribute-mapping
  • km/fix-auth-hook-error
  • km/fix-auth-hooks
  • km/fix-authorized-emails
  • km/fix-authorized-middleware-check
  • km/fix-cleanup-logging
  • km/fix-context-cancellation
  • km/fix-custom-sms-hook-config
  • km/fix-email-verified
  • km/fix-enable-rls
  • km/fix-external-state
  • km/fix-figma
  • km/fix-ignore-rate-limits-for-autoconfirm
  • km/fix-improve-session-error
  • km/fix-jwt
  • km/fix-linkedin-oidc-issuer
  • km/fix-logging
  • km/fix-mailer-config
  • km/fix-max-password-length-error
  • km/fix-mfa-factors-index
  • km/fix-panic-logout
  • km/fix-panic-refresh-token
  • km/fix-pkce-verify-post
  • km/fix-rate-limit-log-level
  • km/fix-return-error-code
  • km/fix-saml-assertion
  • km/fix-search-path
  • km/fix-serve
  • km/fix-shared-limiter
  • km/fix-signup-generate-link
  • km/fix-signup-verify
  • km/fix-timeout-write-header
  • km/fix-update-attribute-mapping
  • km/fix-update-phone
  • km/fix-update-user
  • km/fix-update-user-email
  • km/fix-update-user-phone-change
  • km/fix-use-factor-id
  • km/format-test-otps
  • km/hotfix-jwt-aud
  • km/improve-logging
  • km/improve-mfa-verify-logs
  • km/improve-saml-logging
  • km/improve-token-oidc-logging
  • km/inactivity-session-bug
  • km/normalise-emails
  • km/phase-iii-ott
  • km/redirect-invalid-state
  • km/ref-retrieve-request-params
  • km/remove-unused-args
  • km/return-identity
  • km/return-session-not-found-error
  • km/update-admin-create-user
  • km/update-chi-version
  • km/update-ci
  • km/update-error-message
  • km/update-golang-jwt
  • km/update-mailme
  • km/update-oapi
  • km/v2.157.1
  • master
  • omerhochman/fix-linkedin-iodc-error
  • optional_2fa
  • or/fallback-on-btree-when-hash-unavailable
  • or/test-twitter-oauth
  • patch-1
  • push-wnvwkqmwrrtk
  • refs/tags/rc2.170.0-rc.10
  • release-please--branches--master
  • release/2.165.0
  • remove-instance-id-queries
  • remove-redundant-method-hookuri-param
  • revert-1534-omerhochman/fix-linkedin-iodc-error
  • revert-1616-km/alter-auth-uid
  • revert-1812-hf/artifact-bucket
  • revert-1856-or/fallback-on-btree-when-hash-unavailable
  • revert-1858-revert-1856-or/fallback-on-btree-when-hash-unavailable
  • sam/packaged-auth
  • scim
  • simplify-request-tracing-middleware-setup-logic
  • single-source-of-truth-for-waitforcleanup
  • siwe-implementation
  • snyk-fix-0720ecd3bfe1e766e52214a3bbab15f5
  • update-docker-container-name
  • update-md-for-resend-endpont
  • vercel-marketplace-oidc

13 Oct 2025 10:25AM UTC coverage: 67.578% (+0.01%) from 67.568%
18462728925

Pull #2200

github

hf
feat: properly handle redirect url fragments and unusual hostnames
Pull Request #2200: feat: properly handle redirect url fragments and unusual hostnames

7 of 7 new or added lines in 1 file covered. (100.0%)

13444 of 19894 relevant lines covered (67.58%)

67.66 hits per line

Relevant lines Covered
Build:
Build:
19894 RELEVANT LINES 13444 COVERED LINES
67.66 HITS PER LINE
Source Files on hf/redirect-url-fragment
  • Tree
  • List 166
  • Changed 1
  • Source Changed 0
  • Coverage Changed 1
Coverage ∆ File Lines Relevant Covered Missed Hits/Line

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
18462728925 hf/redirect-url-fragment feat: properly handle redirect url fragments and unusual hostnames Pull #2200 13 Oct 2025 10:32AM UTC hf github
67.58
18462168531 hf/redirect-url-fragment feat: properly handle redirect url fragments and unusual hostnames Pull #2200 13 Oct 2025 10:11AM UTC hf github
67.58
See All Builds (1188)

Badge your Repo: auth

We detected this repo isn’t badged! Grab the embed code to the right, add it to your repo to show off your code coverage, and when the badge is live hit the refresh button to remove this message.

Could not find badge in README.

Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

Refresh
  • Settings
  • Repo on GitHub
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2025 Coveralls, Inc