lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.1.0 vs lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.2.0

- old
+ new

@@ -26,10 +26,15 @@
 translatable_method :oauth_applications_tos_uri_label, "Terms of service URL"
 translatable_method :oauth_applications_policy_uri_label, "Policy URL"
 translatable_method :oauth_unsupported_response_type_message, "Unsupported response type"
 translatable_method :oauth_authorize_parameter_required, "Invalid or missing '%<parameter>s'"
+ auth_value_methods(
+ :resource_owner_params,
+ :oauth_grants_resource_owner_columns
+ )
+
 # /authorize
 auth_server_route(:authorize) do |r|
 require_authorizable_account
 before_authorize_route
@@ -71,11 +76,13 @@
 redirect_uris = oauth_application[oauth_applications_redirect_uri_column].split(" ")
 if (redirect_uri = param_or_nil("redirect_uri"))
 normalized_redirect_uri = normalize_redirect_uri_for_comparison(redirect_uri)
- redirect_authorize_error("redirect_uri") unless redirect_uris.include?(normalized_redirect_uri)
+ unless redirect_uris.include?(normalized_redirect_uri) || redirect_uris.include?(redirect_uri)
+ redirect_authorize_error("redirect_uri")
+ end
 elsif redirect_uris.size > 1
 redirect_authorize_error("redirect_uri")
 end
 redirect_response_error("unsupported_response_type") unless check_valid_response_type?
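Review bot: The added fallback `|| redirect_uris.include?(redirect_uri)` in the `if (redirect_uri = param_or_nil("redirect_uri"))` branch accepts the literal client-supplied value when the normalized form does not match, but nothing records why both comparisons are needed, so a later reader may collapse it back to one. A comment such as `# literal branch: simple string comparison (RFC 6749 §3.1.2.3); the normalized branch tolerates the parts normalize_redirect_uri_for_comparison strips` would pin the intent, with the wording checked against that helper, whose body is outside the hunk. Note that only the request parameter is normalized, never the registered list, so a registered URI stored in non-canonical form can only be matched by the literal branch — worth a dedicated test case. The enclosing authorize route block starts and ends outside the hunk.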
@@ -107,16 +114,23 @@
 approval_prompt = param_or_nil("approval_prompt")
 !approval_prompt || APPROVAL_PROMPTS.include?(approval_prompt)
 end
+ def resource_owner_params
+ { oauth_grants_account_id_column => account_id }
+ end
+
+ def oauth_grants_resource_owner_columns
+ [oauth_grants_account_id_column]
+ end
+
 def try_approval_prompt
 approval_prompt = param_or_nil("approval_prompt")
 return unless approval_prompt && approval_prompt == "auto"
- return if db[oauth_grants_table].where(
- oauth_grants_account_id_column => account_id,
+ return if db[oauth_grants_table].where(resource_owner_params).where(
 oauth_grants_oauth_application_id_column => oauth_application[oauth_applications_id_column],
 oauth_grants_redirect_uri_column => redirect_uri,
 oauth_grants_scopes_column => scopes.join(oauth_scope_separator),
 oauth_grants_access_type_column => "online"
 ).count.zero?
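Review bot: The new `resource_owner_params` hook is now the only thing scoping the auto-approval lookup in `try_approval_prompt` (`.where(resource_owner_params)`) to the current resource owner, yet it is declared as an overridable `auth_value_methods` entry in the first hunk with no documentation of that contract. An override that returns an empty or overly broad hash would let `approval_prompt=auto` skip the consent screen on the strength of another owner's grant, so a comment above the method is warranted: `# Conditions identifying the current resource owner's grants; an override must still restrict the lookup to the authenticated account (or its equivalent), because try_approval_prompt relies on it to auto-approve only previously granted access.` `oauth_grants_resource_owner_columns` is likewise undocumented and unused inside this hunk, so its relationship to `resource_owner_params` (presumably the column set the hash keys must cover) should be stated in a comment and checked against its callers outside this file. Both new methods sit inside the feature block that starts outside the hunk.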