Deep link format for redirect uri parameter is not parsed correctly #22778

@ebespali

Description

Area

core

Describe the bug

Hi!
We have noticed that the "redirect uri" parameter is no longer parsed correctly if it's in "deep link" format, for example: cell.sso://oauth2redirect

We have "*" in the client settings for the "Valid redirect URIs" parameter but are still getting an error in the log:

```
2023-08-28 14:44:32,444 WARN [org.keycloak.events] (executor-thread-2) type=LOGIN_ERROR, realmId=cell, clientId=my-cell-app-android, userId=null, ipAddress=x.x.x.x, error=invalid_redirect_uri, redirect_uri=cell.sso://oauth2redirect
```

Update: DEBUG mode shows:

```
2023-08-29 14:38:08,309 DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (executor-thread-32) Invalid URI because scheme is not allowed: cell.sso://oauth2redirect
```

Setting the "Valid redirect URIs" parameter to the exact value cell.sso://oauth2redirect along with "*" seems to fix this issue, but the logout flow is still not working:

```
2023-08-28 17:35:32,825 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-67) Uncaught server error: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "redirectUri" is null
at org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRedirectUri(RedirectUtils.java:146)
at org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRealmRedirectUri(RedirectUtils.java:54)
at org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.logout(LogoutEndpoint.java:245)
at jdk.internal.reflect.GeneratedMethodAccessor526.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43
```

The logout URL looks like:

```
https://sso-test.cell.com.ua/auth/realms/cell/protocol/openid-connect/logout?redirect_uri=https://sso-test.cell.com.ua/auth/realms/cell/protocol/openid-connect/auth?redirect_uri=cell.sso://oauth2redirect&client_id=my-cell-app-android&response_type=code&ui_locales=uk&state=4gymDiO8wvpF3Gz0d0DaQw&nonce=8o8NHt7CIKVsVo1u8giKzQ&scope=openid offline_access&code_challenge=gOu6ZP8Lb4nICu3tqoami2RmCaj91cGA7lP9J4fvox4&code_challenge_method=S256
```

with the redirect_uri parameter in deep link format, but it seems like Keycloak does not see it.

Version

22.0.1

Expected behavior

The "redirect uri" parameter is parsed correctly.

Actual behavior

```
2023-08-28 14:44:32,444 WARN [org.keycloak.events] (executor-thread-2) type=LOGIN_ERROR, realmId=cell, clientId=my-cell-app-android, userId=null, ipAddress=x.x.x.x, error=invalid_redirect_uri, redirect_uri=cell.sso://oauth2redirect
```

How to Reproduce?

Create a client with the "Valid redirect URIs" parameter in deep link format.

Anything else?

No response
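Added example (not code from this issue or from Keycloak itself): a small, hypothetical redirect-URI validator that reproduces the two behaviours the report describes, namely a bare "*" registration that does not admit a custom deep-link scheme while an exact registration does, and a null redirect_uri that is rejected instead of dereferenced. It also runs a standard query parser over the logout URL quoted above to show what a server-side handler receives when the nested redirect_uri is not percent-encoded, and how percent-encoding it keeps the inner URL intact. The names `verify_redirect_uri`, `outer_query`, `build_logout_url` and the `WILDCARD_SCHEMES` policy are assumptions for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed policy: schemes a bare "*" registration may admit. This is an
# assumption for illustration, not Keycloak's actual rule set.
WILDCARD_SCHEMES = ("http", "https")


def verify_redirect_uri(redirect_uri, valid_redirect_uris):
    """Return redirect_uri if acceptable, else None (hypothetical validator).

    An exact registration admits any scheme, including a custom deep-link
    scheme such as cell.sso://; a bare "*" admits only WILDCARD_SCHEMES.
    A missing parameter is rejected explicitly instead of being dereferenced.
    """
    if not redirect_uri:
        return None
    parts = urlsplit(redirect_uri)
    if not parts.scheme:
        return None
    if redirect_uri in valid_redirect_uris:
        return redirect_uri
    if "*" in valid_redirect_uris and parts.scheme in WILDCARD_SCHEMES:
        return redirect_uri
    return None


def outer_query(url):
    """Split the outer query string the way a server-side handler does."""
    return parse_qs(urlsplit(url).query)


def build_logout_url(logout_endpoint, post_logout_uri):
    """Build a logout URL whose nested redirect_uri is percent-encoded."""
    return logout_endpoint + "?" + urlencode({"redirect_uri": post_logout_uri})


# Logout URL as quoted in the report; the nested redirect_uri is not encoded.
REPORTED_LOGOUT_URL = (
    "https://sso-test.cell.com.ua/auth/realms/cell/protocol/openid-connect/logout"
    "?redirect_uri=https://sso-test.cell.com.ua/auth/realms/cell/protocol/openid-connect/auth"
    "?redirect_uri=cell.sso://oauth2redirect&client_id=my-cell-app-android"
    "&response_type=code&ui_locales=uk&state=4gymDiO8wvpF3Gz0d0DaQw"
    "&nonce=8o8NHt7CIKVsVo1u8giKzQ&scope=openid offline_access"
    "&code_challenge=gOu6ZP8Lb4nICu3tqoami2RmCaj91cGA7lP9J4fvox4&code_challenge_method=S256"
)

if __name__ == "__main__":
    q = outer_query(REPORTED_LOGOUT_URL)
    print(q["redirect_uri"][0])  # inner URL is cut at the first unencoded "&"
    print(sorted(k for k in q if k != "redirect_uri"))  # leaked as outer params
```

Running the script shows the outer `redirect_uri` ending at `cell.sso://oauth2redirect`, with `client_id`, `state`, `nonce` and the rest arriving as parameters of the logout request rather than of the nested authorization URL.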
