Validate that the issuer URL meets OAuth 2.0 requirements. Args: url: The issuer URL to validate. Raises: ValueError: If the issuer URL is invalid.
(url: AnyHttpUrl)
def validate_issuer_url(url: AnyHttpUrl):
    """Check an OAuth 2.0 issuer URL and reject it if it is not acceptable.

    The URL must use the ``https`` scheme, except that the hosts
    ``localhost``, ``127.0.0.1`` and ``[::1]`` are let through without HTTPS
    so that a server can be exercised locally. The exemption compares the
    host string only; nothing is resolved here, so it says nothing about
    where a name such as ``localhost`` actually points on a given machine.

    Args:
        url: The issuer URL to validate.

    Raises:
        ValueError: If the scheme is not HTTPS for a non-loopback host, or
            if the URL carries a fragment or a query string.
    """
    # RFC 8414 requires HTTPS; plain HTTP is tolerated for loopback hosts
    # only, as a testing convenience.
    loopback_hosts = ("localhost", "127.0.0.1", "[::1]")
    if not (url.scheme == "https" or url.host in loopback_hosts):
        raise ValueError("Issuer URL must be HTTPS")

    # Neither a fragment nor a query string is allowed; the fragment is
    # checked first, so it wins when both are present.
    forbidden_parts = (
        ("fragment", "Issuer URL must not have a fragment"),
        ("query", "Issuer URL must not have a query string"),
    )
    for attribute, message in forbidden_parts:
        if getattr(url, attribute):
            raise ValueError(message)
# Path constant "/authorize"; presumably the route of the authorization
# endpoint — its use is outside this excerpt, confirm against the callers.
AUTHORIZATION_PATH = "/authorize"
no outgoing calls