1
69%
master: 69%

Ran 29 Dec 2025 03:55PM UTC

Files 171

Run time 4s

Badge

Embed ▾

Committed 29 Dec 2025 03:47PM UTC coverage: 68.783% (+0.001%) from 68.782%

Job # 20576804091.1

Build Type

push

github

Committed by

web-flow

Commit Message

fix(oauth-server): allow custom URI schemes in client redirect URIs (#2298)

## Problem

Fixes #2285

The OAuth 2.0 Client Registration endpoin was incorrectly rejecting
custom URI schemes like `cursor://`, or `myapp://`, blocking native
application integrations.

## Root Cause
The validation logic in `validateRedirectURI()` was overly restrictive,
only allowing HTTPS or HTTP (localhost). This contradicted with **RFC
8252** (OAuth 2.0 for Native Apps) - recommends custom URI schemes

## Solution

Relaxed redirect URI validation

### New Validation Rules
  - **HTTPS** - always allowed
- **Custom URI schemes** - allowed for native apps (`cursor://`,
`myapp://`, `vscode://`, etc.)
- **HTTP** - only for localhost/loopback (`localhost`, `127.0.0.1`,
`::1`)
  - **Fragments** - still rejected per spec

Run Details

14743 of 21434 relevant lines covered (68.78%)

79.23 hits per line

supabase / auth / 20576804091 / 1
69%
master: 69%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20576804091.1

supabase / auth / 20576804091 / 1 69% master: 69%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20576804091.1

supabase / auth / 20576804091 / 1
69%
master: 69%

README BADGES
x