From 9f57969690f78b545f3b5b1eda21d8ea5eaad03d Mon Sep 17 00:00:00 2001
From: Koushik Dutta <koush@Koushik-MacStudio.localdomain>
Date: Mon, 29 Aug 2022 11:22:29 -0700
Subject: [PATCH] core: support custom and relative path redirect uri for oauth
 clients

---
 plugins/core/package-lock.json                |  4 ++--
 plugins/core/package.json                     |  2 +-
 .../core/ui/src/interfaces/OauthClient.vue    | 24 ++++++++++++++++---
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/plugins/core/package-lock.json b/plugins/core/package-lock.json
index 4c97d83b8..1f2222191 100644
--- a/plugins/core/package-lock.json
+++ b/plugins/core/package-lock.json
@@ -1,12 +1,12 @@
 {
    "name": "@scrypted/core",
-   "version": "0.1.27",
+   "version": "0.1.28",
    "lockfileVersion": 2,
    "requires": true,
    "packages": {
       "": {
          "name": "@scrypted/core",
-         "version": "0.1.27",
+         "version": "0.1.28",
          "license": "Apache-2.0",
          "dependencies": {
             "@scrypted/common": "file:../../common",
diff --git a/plugins/core/package.json b/plugins/core/package.json
index 96a8cc239..8bd67f7c1 100644
--- a/plugins/core/package.json
+++ b/plugins/core/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@scrypted/core",
-   "version": "0.1.27",
+   "version": "0.1.28",
    "description": "Scrypted Core plugin. Provides the UI, websocket, and engine.io APIs.",
    "author": "Scrypted",
    "license": "Apache-2.0",
diff --git a/plugins/core/ui/src/interfaces/OauthClient.vue b/plugins/core/ui/src/interfaces/OauthClient.vue
index 46a57c02e..9229df599 100644
--- a/plugins/core/ui/src/interfaces/OauthClient.vue
+++ b/plugins/core/ui/src/interfaces/OauthClient.vue
@@ -8,14 +8,32 @@ import qs from 'query-string';
 export default {
   mixins: [RPCInterface],
   methods: {
-    onChange() {},
-    onClick: function() {
+    onChange() { },
+    onClick: function () {
       this.rpc()
         .getOauthUrl()
         .then(data => {
           var url = new URL(data);
           var querystring = qs.parse(url.search.replace("?", ""));
-          querystring.redirect_uri = `https://home.scrypted.app/web/oauth/callback`;
+          let { redirect_uri } = querystring;
+          if (redirect_uri) {
+            let u;
+            try {
+              u = new URL(redirect_uri);
+            }
+            catch (e) {
+              u = new URL(redirect_uri, window.location.href);
+              u.hostname = 'localhost';
+            }
+            if (u.hostname === 'localhost') {
+              u.hostname = new URL(window.location.href).hostname;
+              redirect_uri = u.toString();
+            }
+          }
+          else {
+            redirect_uri = `https://home.scrypted.app/web/oauth/callback`;
+          }
+          querystring.redirect_uri = redirect_uri;
           querystring.state = JSON.stringify({
             d: this.device.id,
             s: querystring.state,