Menu
▾
▴
Re: [Unity-idm-discuss] prohibit whitespace characters for some attributes
|
From: Krzysztof B. <kb...@un...> - 2022-08-29 11:15:47
|
Hi Sander, W dniu 25.08.2022 o 15:13, Sander Apweiler pisze: > Hi Krzystzof, > after I had a longer debug session with an administrator of a service > who said there where a problem in unity, I was able to show him, that > he created a wrong config. He entered in the OAuth return URL a > linebreak. > > To avoid such problems, would it make sense to prohibit whitespace > characters to some attributes like return URL or email addresses? A > valid value never contains whitespace character. Yes, this situation unfortunately can happen. It is because we don't have a dedicated attribute value type for URLs (or URIs). And so OAuth client's return URL is stored in a plain string attribute. We were talking about that few times, but never approached that as we are bit afraid of the migration: it may happen that current values are not parsable as URL -> what then? Anyway as this was raised also on community side, not only randomly internally, I'm opening a ticket to cover that: introduce URL attribute value type, with proper validation, and migrate all system attributes to that type. Migration details TBD. In the case of emails this problem should not exist: we have a dedicated type for that, so as long as verifiableEmail type is used in attribute intended to store email, any invalid string should not be allowed. Best, Krzysztof |
