fix: open redirect vulnerability in completeAuthorization

roerohan · roerohan · commit 1b4fa4f8dd28 · 2025-10-16T09:42:21.000+05:30
diff --git a/src/oauth-provider.ts b/src/oauth-provider.ts
@@ -2540,6 +2540,20 @@ class OAuthHelpersImpl implements OAuthHelpers {
    * @returns A Promise resolving to an object containing the redirect URL
    */
   async completeAuthorization(options: CompleteAuthorizationOptions): Promise<{ redirectTo: string }> {
+    const { clientId, redirectUri } = options.request;
+
+    if (!clientId || !redirectUri) {
+      throw new Error('Client ID and Redirect URI are required in the authorization request.');
+    }
+
+    // Re-validate the redirectUri to prevent open redirect vulnerabilities
+    const clientInfo = await this.lookupClient(clientId);
+    if (!clientInfo || !clientInfo.redirectUris.includes(redirectUri)) {
+      throw new Error(
+        'Invalid redirect URI. The redirect URI provided does not match any registered URI for this client.'
+      );
+    }
+
     // Generate a unique grant ID
     const grantId = generateRandomString(16);
 
