allow plain http URLs in metadata elements jwks_uri and signed_jwks_uri

to ensure backwards compatibility with <=2.4.15.7 and to support private/test deployments Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Oct 23, 2024 · 59781b2 · 59781b2
1 parent 75b7dcf
commit 59781b2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+10/23/2024
+- metadata: allow plain HTTP URLs in metadata elements `jwks_uri` and `signed_jwks_uri`
+  to ensure backwards compatibility with <=2.4.15.7 and to support private/test deployments
+
 10/22/2024
 - address warnings from static code analysis tool CodeChecker
 - bump to 2.4.16.6dev

diff --git a/src/cfg/provider.c b/src/cfg/provider.c
@@ -492,7 +492,7 @@ const char *oidc_cfg_provider_jwks_uri_uri_get(oidc_provider_t *provider) {
 }
 
 const char *oidc_cfg_provider_jwks_uri_set(apr_pool_t *pool, oidc_provider_t *provider, const char *arg) {
-	const char *rv = oidc_cfg_parse_is_valid_url(pool, arg, "https");
+	const char *rv = oidc_cfg_parse_is_valid_http_url(pool, arg);
 	if (rv == NULL)
 		provider->jwks_uri.uri = apr_pstrdup(pool, arg);
 	return rv;
@@ -556,7 +556,7 @@ const char *oidc_cfg_provider_signed_jwks_uri_set(apr_pool_t *pool, oidc_provide
 	json_t *json = NULL;
 
 	if ((arg1 != NULL) && (_oidc_strcmp(arg1, "") != 0)) {
-		rv = oidc_cfg_parse_is_valid_url(pool, arg1, "https");
+		rv = oidc_cfg_parse_is_valid_http_url(pool, arg1);
 		if (rv != NULL)
 			goto end;
 		provider->jwks_uri.signed_uri = apr_pstrdup(pool, arg1);