Merge pull request #92 from bshaffer/issue-91

adds redirect uri exception for 'postmessage'
googleapis · Feb 9, 2016 · 3e508c2 · 3e508c2
2 parents eb4aaf0 + 0f115fa
commit 3e508c2
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/src/OAuth2.php b/src/OAuth2.php
@@ -654,9 +654,14 @@ public function setRedirectUri($uri)
       $this->redirectUri = null;
       return;
     }
+    // redirect URI must be absolute
     if (!$this->isAbsoluteUri($uri)) {
-      throw new \InvalidArgumentException(
+      // "postmessage" is a reserved URI string in Google-land
+      // @see https://developers.google.com/identity/sign-in/web/server-side-flow
+      if ('postmessage' !== (string) $uri) {
+        throw new \InvalidArgumentException(
           'Redirect URI must be absolute');
+      }
     }
     $this->redirectUri = (string) $uri;
   }

diff --git a/tests/OAuth2Test.php b/tests/OAuth2Test.php
@@ -157,6 +157,20 @@ public function testIncludesTheScope()
     $this->assertEquals('scope1 scope2', $q['scope']);
   }
 
+  public function testRedirectUriPostmessageIsAllowed()
+  {
+    $o = new OAuth2([
+        'authorizationUri' => 'https://accounts.test.org/insecure/url',
+        'redirectUri' => 'postmessage',
+        'clientId' => 'aClientID'
+    ]);
+    $this->assertEquals('postmessage', $o->getRedirectUri());
+    $url = $o->buildFullAuthorizationUri();
+    $parts = parse_url((string) $url);
+    parse_str($parts['query'], $query);
+    $this->assertArrayHasKey('redirect_uri', $query);
+    $this->assertEquals('postmessage', $query['redirect_uri']);
+  }
 }
 
 class OAuth2GrantTypeTest extends \PHPUnit_Framework_TestCase