[pmg-devel] [PATCH pmg-api 1/2] auth: oidc: fix pattern for `client-id` and `client-key`
Christoph Heiss
c.heiss at proxmox.com
Tue Mar 18 14:59:17 CET 2025
Fixes #6214 [0].
As per RFC 6749 Appendix A [1], `client-id` and `client-key` can contain
any printable ascii character, i.e. anything in the (inclusive) range
0x20-0x7E.
Reflect that in the pattern.
[0] https://bugzilla.proxmox.com/show_bug.cgi?id=6214
[1] https://www.rfc-editor.org/rfc/rfc6749#appendix-A
Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
src/PMG/Auth/OIDC.pm | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/PMG/Auth/OIDC.pm b/src/PMG/Auth/OIDC.pm
index b2b1a05..5f797d1 100755
--- a/src/PMG/Auth/OIDC.pm
+++ b/src/PMG/Auth/OIDC.pm
@@ -61,18 +61,22 @@ sub properties {
maxLength => 256,
pattern => qr/^(https?):\/\/([a-zA-Z0-9.-]+)(:[0-9]{1,5})?(\/[^\s]*)?$/,
},
+ # See RFC 6749, Appendix A for the allowed pattern for `client-id` and
+ # `client-key`.
+ # https://www.rfc-editor.org/rfc/rfc6749#appendix-A
+ # tl;dr: anything ASCII in the (inclusive) range 0x20-0x7E
'client-id' => {
description => "OpenID Connect Client ID",
type => 'string',
maxLength => 256,
- pattern => qr/^[a-zA-Z0-9._:-]+$/,
+ pattern => qr/^[\x20-\x7E]+$/,
},
'client-key' => {
description => "OpenID Connect Client Key",
type => 'string',
optional => 1,
maxLength => 256,
- pattern => qr/^[a-zA-Z0-9._:-]+$/,
+ pattern => qr/^[\x20-\x7E]+$/,
},
autocreate => {
description => "Automatically create users if they do not exist.",
--
2.48.1
More information about the pmg-devel
mailing list