Allow non-default https port

t3chguy · t3chguy · commit e5a2debd4cb5 · 2025-05-08T08:39:37.000+01:00
diff --git a/policies/client_registration/client_registration.rego b/policies/client_registration/client_registration.rego
@@ -31,9 +31,6 @@ secure_url(x) if {
 	url.host != "127.0.0.1"
 	url.host != "0.0.0.0"
 	url.host != "[::1]"
-
-	# Must be standard port for HTTPS
-	url.port == ""
 }
 
 host_matches_client_uri(_) if {
diff --git a/policies/client_registration/client_registration_test.rego b/policies/client_registration/client_registration_test.rego
@@ -189,6 +189,12 @@ test_redirect_uris if {
 		"redirect_uris": [],
 	}
 
+	# HTTPS redirect_uri with non-standard port
+	client_registration.allow with input.client_metadata as {
+		"client_uri": "https://example.com/",
+		"redirect_uris": ["https://example.com:8443/callback"],
+	}
+
 	# Not required for the client_credentials grant
 	client_registration.allow with input.client_metadata as {
 		"grant_types": ["client_credentials"],

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,6 @@ secure_url(x) if {`
`31`	`31`	`url.host != "127.0.0.1"`
`32`	`32`	`url.host != "0.0.0.0"`
`33`	`33`	`url.host != "[::1]"`
`34`		`-`
`35`		`- # Must be standard port for HTTPS`
`36`		`- url.port == ""`
`37`	`34`	`}`
`38`	`35`
`39`	`36`	`host_matches_client_uri(_) if {`