Add dynamic redirect URI validation for OAuth proxy#131
Merged
Conversation
Add callable function support for allowed_redirect_uris config in the OAuth proxy, enabling dynamic configuration via feature flags or other runtime sources without redeployment. New features: - allowed_redirect_patterns_func: Callable returning list of patterns - allowed_redirect_schemes_func: Callable returning list of schemes - redirect_uri_validator: Custom validator function for full URI validation These callables are evaluated per-request, allowing integration with Amplitude, LaunchDarkly, or database lookups for real-time redirect URI management. https://claude.ai/code/session_01YLH7X7ZigGktYJQtthjQjq
|
Ryvn Preview Creating preview This comment will be automatically updated with preview details. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds support for dynamic redirect URI validation in OAuth proxy configuration, enabling runtime evaluation of allowed redirect patterns and schemes. This allows integration with feature flags, databases, and other dynamic configuration sources.
Previously, redirect URI validation was limited to static lists defined at startup. The new feature introduces three new configuration options:
allowed_redirect_patterns_func: A callable that returns redirect URI patterns dynamicallyallowed_redirect_schemes_func: A callable that returns allowed URI schemes dynamicallyredirect_uri_validator: A custom validator function for complex validation logicThese work alongside existing static configuration options, providing flexibility for different use cases.
Changes
Core Changes
RedirectPatternsProvider,RedirectSchemesProvider,RedirectUriValidator) and new fields toOAuthProxyConfigfor dynamic redirect URI validation_create_oauth_proxy_providerto resolve static patterns from environment variables and pass through callable functions to the enterprise packageTesting
TestOAuthProxyDynamicRedirectUris) covering:Type of change
Backward Compatibility
This change is fully backward compatible. Existing code using static
allowed_redirect_patternsandallowed_redirect_schemescontinues to work unchanged. The new callable-based parameters are optional and only used when explicitly provided.Use Cases
https://claude.ai/code/session_01YLH7X7ZigGktYJQtthjQjq