@better-auth/oauth-provider 1.5.1 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +2 -2
- package/dist/index.mjs.map +1 -1
- package/package.json +5 -5
package/dist/index.mjs
CHANGED
|
@@ -286,8 +286,8 @@ async function createIdToken(ctx, opts, user, client, scopes, nonce, sessionId,
|
|
|
286
286
|
}) : {};
|
|
287
287
|
const jwtPluginOptions = opts.disableJwtPlugin ? void 0 : getJwtPlugin(ctx.context).options;
|
|
288
288
|
const payload = {
|
|
289
|
-
...customClaims,
|
|
290
289
|
...userClaims,
|
|
290
|
+
...customClaims,
|
|
291
291
|
auth_time: authTimeSec,
|
|
292
292
|
acr,
|
|
293
293
|
iss: jwtPluginOptions?.jwt?.issuer ?? ctx.context.baseURL,
|
|
@@ -1272,7 +1272,7 @@ const DANGEROUS_SCHEMES = [
|
|
|
1272
1272
|
"vbscript:"
|
|
1273
1273
|
];
|
|
1274
1274
|
function isLocalhost(hostname) {
|
|
1275
|
-
return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "[::1]";
|
|
1275
|
+
return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "[::1]" || hostname.endsWith(".localhost");
|
|
1276
1276
|
}
|
|
1277
1277
|
/**
|
|
1278
1278
|
* Reusable URL validation for OAuth redirect URIs.
|