fix: update IDP Success and Failure URLs to accept up to 2048 characters (#8327)
# Which Problems Are Solved
The success and failure URLs post IDP intent are limited to 200
characters. This is very low given the standard for URL lengths is much
higher
https://www.baeldung.com/cs/max-url-length#maximum-length-of-a-url-in-different-browsers
Name of the Browser | URL Length
-- | --
Google Chrome | Maximum of 2048 characters for a URL
Mozilla Firefox | The address bar no longer shows the URL after 65536
characters
Internet Explorer | Maximum length of the URL is 2083 characters
Safari | Supports up to 80000 characters for a URL
Opera | Can display up to 190000 characters in its address bar
Apache | Supports a maximum of 4000 characters
After SSO login with Zitadel, the user sees deep links to our app, e.g.
`www.mycompany.com/idp/success?deeplink=app/mypage/id/test#thing=abcdef`,
and these are usually greater than 200 characters.
# How the Problems Are Solved
Replace this example text with a concise list of changes that this PR
introduces.
- Update validation check for SuccessURL length on v2 and v3 APIs to a
max of 2048 characters
- Update validation check for FailureURL length on v2 and v3 APIs to a
max of 2048 characters
I didn't find any docs t update reflecting this change in length
# Additional Context
Fixes the error
```<PreparedRequest [POST]>, status: 400, reason: Bad Request, response: {"code":3,"message":"invalid StartIdentityProviderIntentRequest.Urls: embedded message failed validation | caused by: invalid RedirectURLs.SuccessUrl: value length must be between 1 and 200 runes, inclusive"}```
(cherry picked from commit d90db6693c
)

committed by
Livio Spring

parent
3be36c7b89
commit
530cb833c6
@@ -32,20 +32,20 @@ message LDAPCredentials {
|
|||||||
|
|
||||||
message RedirectURLs {
|
message RedirectURLs {
|
||||||
string success_url = 1 [
|
string success_url = 1 [
|
||||||
(validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
|
(validate.rules).string = {min_len: 1, max_len: 2048, uri_ref: true},
|
||||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||||
description: "URL on which the user will be redirected after a successful login"
|
description: "URL on which the user will be redirected after a successful login"
|
||||||
min_length: 1;
|
min_length: 1;
|
||||||
max_length: 200;
|
max_length: 2048;
|
||||||
example: "\"https://custom.com/login/idp/success\"";
|
example: "\"https://custom.com/login/idp/success\"";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
string failure_url = 2 [
|
string failure_url = 2 [
|
||||||
(validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
|
(validate.rules).string = {min_len: 1, max_len: 2048, uri_ref: true},
|
||||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||||
description: "URL on which the user will be redirected after a failed login"
|
description: "URL on which the user will be redirected after a failed login"
|
||||||
min_length: 1;
|
min_length: 1;
|
||||||
max_length: 200;
|
max_length: 2048;
|
||||||
example: "\"https://custom.com/login/idp/fail\"";
|
example: "\"https://custom.com/login/idp/fail\"";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
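Review bot: `max_len: 2048` on `success_url` and `failure_url` bounds runes, not bytes (the error quoted in the description reads "between 1 and 200 runes"), so a value that passes can be several times larger in UTF-8; if whatever stores or logs these URLs assumes a byte size, add a byte bound next to it, e.g. `max_bytes: 2048`. Separately, `uri_ref: true` is the only content rule visible here and it is a syntax check that also accepts relative references and schemes other than http(s), so the redirect destination has to be vetted in the handler, which this hunk does not show. A longer limit leaves more room for nested redirect parameters, so it is worth confirming that check exists. Both points apply equally to the second `RedirectURLs` hunk below; the message body closes outside the hunk.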
@@ -315,21 +315,21 @@ message ReturnWebAuthNRegistrationCode {}
|
|||||||
message RedirectURLs {
|
message RedirectURLs {
|
||||||
// URL to which the user will be redirected after a successful login.
|
// URL to which the user will be redirected after a successful login.
|
||||||
string success_url = 1 [
|
string success_url = 1 [
|
||||||
(validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
|
(validate.rules).string = {min_len: 1, max_len: 2048, uri_ref: true},
|
||||||
(google.api.field_behavior) = REQUIRED,
|
(google.api.field_behavior) = REQUIRED,
|
||||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||||
min_length: 1;
|
min_length: 1;
|
||||||
max_length: 200;
|
max_length: 2048;
|
||||||
example: "\"https://custom.com/login/idp/success\"";
|
example: "\"https://custom.com/login/idp/success\"";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
// URL to which the user will be redirected after a failed login.
|
// URL to which the user will be redirected after a failed login.
|
||||||
string failure_url = 2 [
|
string failure_url = 2 [
|
||||||
(validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
|
(validate.rules).string = {min_len: 1, max_len: 2048, uri_ref: true},
|
||||||
(google.api.field_behavior) = REQUIRED,
|
(google.api.field_behavior) = REQUIRED,
|
||||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||||
min_length: 1;
|
min_length: 1;
|
||||||
max_length: 200;
|
max_length: 2048;
|
||||||
example: "\"https://custom.com/login/idp/fail\"";
|
example: "\"https://custom.com/login/idp/fail\"";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
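Review bot: The leading comments on `success_url` and `failure_url` still describe only the purpose, so the accepted form and the new limit are visible only in the `validate.rules` and OpenAPI annotations and not in generated client documentation. I would extend them, for example `// URL to which the user will be redirected after a successful login. Must be a URI reference of 1 to 2048 characters.`, and the same for the failure case. The limit is also written twice per field (`max_len` and `max_length`), so a short comment noting that the two must stay in sync would help the next change. The message body closes outside the hunk.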