UNPKG

@indiekit/endpoint-auth

Version:

IndieAuth authentication and authorization endpoint for Indiekit. Grants and verifies access tokens and authenticates users.

getindiekit.com

getindiekit/indiekit

17 lines (15 loc) 654 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
/** * Validate `redirect_uri` * @param {string} redirectUri - Redirect URL * @param {string} clientId - URL of client * @returns {boolean} Valid redirect * @see {@link https://indieauth.spec.indieweb.org/#redirect-url} * @todo If redirect URIs doesn’t share same host as `client_id`, validate * against list of redirect URIs fetched from `<link>` tags or `Link` HTTP * headers with a `rel` attribute of `redirect_uri` at the `client_id` URL. */ export const validateRedirect = (redirectUri, clientId) => { const redirectHost = new URL(redirectUri).host; const clientHost = new URL(clientId).host; return redirectHost === clientHost; };