From e7b7bfddd65b41350c195552cb6b8504b691a846 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 26 Jul 2021 11:29:16 +0200
Subject: [PATCH] providers/oauth2: fix blank redirect_uri not working with
 TokenView

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/providers/oauth2/views/token.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index d192cba50..c97086f7a 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -126,7 +126,15 @@ class TokenParams:
             LOGGER.warning("Missing authorization code")
             raise TokenError("invalid_grant")
 
-        if self.redirect_uri not in self.provider.redirect_uris.split():
+        allowed_redirect_urls = self.provider.redirect_uris.split()
+        if len(allowed_redirect_urls) < 1:
+            LOGGER.warning(
+                "Provider has no allowed redirect_uri set, allowing all.",
+                allow=self.redirect_uri.lower(),
+            )
+        elif self.redirect_uri.lower() not in [
+            x.lower() for x in allowed_redirect_urls
+        ]:
             LOGGER.warning(
                 "Invalid redirect uri",
                 uri=self.redirect_uri,