[pmg-devel] applied: [PATCH pmg-api 1/2] auth: oidc: fix pattern for `client-id` and `client-key`
Stoiko Ivanov
s.ivanov at proxmox.com
Thu Jun 26 12:46:32 CEST 2025
applied this one after skimming through the RFC - thanks for the patch!
On Tue, 18 Mar 2025 14:59:17 +0100
Christoph Heiss <c.heiss at proxmox.com> wrote:
> Fixes #6214 [0].
>
> As per RFC 6749 Appendix A [1], `client-id` and `client-key` can contain
> any printable ascii character, i.e. anything in the (inclusive) range
> 0x20-0x7E.
>
> Reflect that in the pattern.
>
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=6214
> [1] https://www.rfc-editor.org/rfc/rfc6749#appendix-A
>
> Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
> ---
> src/PMG/Auth/OIDC.pm | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/src/PMG/Auth/OIDC.pm b/src/PMG/Auth/OIDC.pm
> index b2b1a05..5f797d1 100755
> --- a/src/PMG/Auth/OIDC.pm
> +++ b/src/PMG/Auth/OIDC.pm
> @@ -61,18 +61,22 @@ sub properties {
> maxLength => 256,
> pattern => qr/^(https?):\/\/([a-zA-Z0-9.-]+)(:[0-9]{1,5})?(\/[^\s]*)?$/,
> },
> + # See RFC 6749, Appendix A for the allowed pattern for `client-id` and
> + # `client-key`.
> + # https://www.rfc-editor.org/rfc/rfc6749#appendix-A
> + # tl;dr: anything ASCII in the (inclusive) range 0x20-0x7E
> 'client-id' => {
> description => "OpenID Connect Client ID",
> type => 'string',
> maxLength => 256,
> - pattern => qr/^[a-zA-Z0-9._:-]+$/,
> + pattern => qr/^[\x20-\x7E]+$/,
> },
> 'client-key' => {
> description => "OpenID Connect Client Key",
> type => 'string',
> optional => 1,
> maxLength => 256,
> - pattern => qr/^[a-zA-Z0-9._:-]+$/,
> + pattern => qr/^[\x20-\x7E]+$/,
> },
> autocreate => {
> description => "Automatically create users if they do not exist.",
More information about the pmg-devel
mailing list