From cad29dcc046163a944167bbaf2292b3e591e01c6 Mon Sep 17 00:00:00 2001
From: jwijenbergh <jeroenwijenbergh@protonmail.com>
Date: Tue, 31 Oct 2023 11:49:08 +0100
Subject: OAuth + Server: Make ISS optional for custom servers

---
 internal/oauth/oauth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'internal/oauth')

diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index f1cc9fe..d7da299 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -369,7 +369,7 @@ func (s *exchangeSession) Authcode(url *url.URL) (string, error) {
 
 	// first check ISS
 	iss := q.Get("iss")
-	if s.ISS != iss {
+	if s.ISS != "" && s.ISS != iss {
 		return "", errors.Errorf("failed matching ISS; expected '%s' got '%s'", s.ISS, iss)
 	}
 	// Make sure the state is present and matches to protect against cross-site request forgeries
-- 
cgit v1.2.3