jointakahe / takahe

An ActivityPub/Fediverse server


Should redirect uri check ignore query params?

patrick91 opened this issue · comments

I was trying to set up Buffer today, and their redirect URI looks something like this: https://account.buffer.com/channels/connect?connectingMastodon=true&server=serverName&followBuffer=false

Which seems to break the check in here:

```python
if application.redirect_uris and redirect_uri not in application.redirect_uris:
    return render(
        request,
        "api/oauth_error.html",
        {"error": "Invalid application redirect URI"},
        status=401,
    )
```

Putting the full URL in the application object worked, so I was wondering if we should ignore query params 😊

That's strictly against the OAuth spec:

redirect_uri
         REQUIRED, if the "redirect_uri" parameter was included in the
         authorization request as described in [Section 4.1.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1), and their
         values MUST be identical.

If it's just Buffer, I'm not entirely inclined to fix it unless other stuff starts doing it too?
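
An added example (not takahe's code and not part of the issue thread) contrasting the identical-value comparison quoted above with the query-ignoring comparison the issue asks about. The function names and the list-of-strings model of `redirect_uris` are assumptions; `OTHER_QUERY` is a constructed variant of the URL from the issue.

```python
from urllib.parse import urlsplit, urlunsplit

# URL from the issue; BASE is the same URL with its query string removed.
BUFFER_URI = ("https://account.buffer.com/channels/connect"
              "?connectingMastodon=true&server=serverName&followBuffer=false")
BASE = "https://account.buffer.com/channels/connect"
# Constructed variant: same path, different query values.
OTHER_QUERY = BASE + "?connectingMastodon=true&server=otherName&followBuffer=true"


def exact_allows(redirect_uri, registered):
    """Mirror of the quoted check: reject only when URIs are registered and
    the presented one is not identical to any of them."""
    return not (registered and redirect_uri not in registered)


def strip_query(uri):
    """Drop query and fragment; keep scheme, host and path."""
    p = urlsplit(uri)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))


def query_ignoring_allows(redirect_uri, registered):
    """Hypothetical relaxed check of the kind the issue asks about."""
    if not registered:
        return True
    return strip_query(redirect_uri) in {strip_query(r) for r in registered}


def compare(registered):
    """Return {label: (exact_result, relaxed_result)} for the sample URIs."""
    samples = {"buffer": BUFFER_URI, "base": BASE, "other_query": OTHER_QUERY}
    return {name: (exact_allows(u, registered),
                   query_ignoring_allows(u, registered))
            for name, u in samples.items()}


if __name__ == "__main__":
    for label, reg in (("base registered", [BASE]),
                       ("full URL registered", [BUFFER_URI])):
        print(label, compare(reg))
```

With the relaxed check, any query string on a registered path is accepted, so the value presented no longer has to be identical to the registered one.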