Colin-b · Colin-b · Jun 17, 2024 · Jun 17, 2024 · Jun 17, 2024 · Jun 17, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Adding explicit support for Python `3.12`.
 - Publicly expose `requests_auth.SupportMultiAuth`, allowing multiple authentication support for every `requests` authentication class that exists.
 - Publicly expose `requests_auth.TokenMemoryCache`, allowing to create custom Oauth2 token cache based on this default implementation.
+- Thanks to the new `redirect_uri_domain` parameter on Authorization code (with and without PKCE) and Implicit flows, you can now provide the [FQDN](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to use in the `redirect_uri` when `localhost` (the default) is not allowed.
 
 ### Changed
 - Except for `requests_auth.testing`, only direct access via `requests_auth.` was considered publicly exposed. This is now explicit, as inner packages are now using private prefix (`_`).

diff --git a/README.md b/README.md
diff --git a/requests_auth/_oauth2/authorization_code.py b/requests_auth/_oauth2/authorization_code.py
@@ -29,8 +29,9 @@ def __init__(self, authorization_url: str, token_url: str, **kwargs):
         """
         :param authorization_url: OAuth 2 authorization URL.
         :param token_url: OAuth 2 token URL.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 code will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a code or a token to be received once requested.
@@ -203,8 +204,9 @@ def __init__(self, instance: str, client_id: str, **kwargs):
         default by default.
         :param scope: Scope parameter sent in query. Can also be a list of scopes.
         Request 'openid' by default.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.

diff --git a/requests_auth/_oauth2/authorization_code_pkce.py b/requests_auth/_oauth2/authorization_code_pkce.py
@@ -33,8 +33,9 @@ def __init__(self, authorization_url: str, token_url: str, **kwargs):
         """
         :param authorization_url: OAuth 2 authorization URL.
         :param token_url: OAuth 2 token URL.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 code will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a code or a token to be received once requested.
@@ -249,8 +250,9 @@ def __init__(self, instance: str, client_id: str, **kwargs):
         default by default.
         :param scope: Scope parameter sent in query. Can also be a list of scopes.
         Request 'openid' by default.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.

diff --git a/requests_auth/_oauth2/browser.py b/requests_auth/_oauth2/browser.py
@@ -1,8 +1,9 @@
 class BrowserAuth:
     def __init__(self, kwargs):
         """
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 code will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a code or a token to be received once requested.
@@ -14,11 +15,10 @@ def __init__(self, kwargs):
         this is the maximum amount of milliseconds the failure page will be displayed in your browser.
         Display the page for 5 seconds by default.
         """
+        redirect_uri_domain = kwargs.pop("redirect_uri_domain", None) or "localhost"
         redirect_uri_endpoint = kwargs.pop("redirect_uri_endpoint", None) or ""
         self.redirect_uri_port = int(kwargs.pop("redirect_uri_port", None) or 5000)
-        self.redirect_uri = (
-            f"http://localhost:{self.redirect_uri_port}/{redirect_uri_endpoint}"
-        )
+        self.redirect_uri = f"http://{redirect_uri_domain}:{self.redirect_uri_port}/{redirect_uri_endpoint}"
 
         # Time is expressed in seconds
         self.timeout = float(kwargs.pop("timeout", None) or 60)

diff --git a/requests_auth/_oauth2/implicit.py b/requests_auth/_oauth2/implicit.py
@@ -31,8 +31,9 @@ def __init__(self, authorization_url: str, **kwargs):
         :param early_expiry: Number of seconds before actual token expiry where token will be considered as expired.
         Default to 30 seconds to ensure token will not expire between the time of retrieval and the time the request
         reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.
@@ -137,8 +138,9 @@ def __init__(self, tenant_id: str, client_id: str, **kwargs):
         reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry.
         :param nonce: Refer to http://openid.net/specs/openid-connect-core-1_0.html#IDToken for more details
         (formatted as an Universal Unique Identifier - UUID). Use a newly generated UUID by default.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.
@@ -187,8 +189,9 @@ def __init__(self, tenant_id: str, client_id: str, **kwargs):
         reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry.
         :param nonce: Refer to http://openid.net/specs/openid-connect-core-1_0.html#IDToken for more details
         (formatted as an Universal Unique Identifier - UUID). Use a newly generated UUID by default.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.
@@ -244,8 +247,9 @@ def __init__(self, instance: str, client_id: str, **kwargs):
         default by default.
         :param scope: Scope parameter sent in query. Can also be a list of scopes.
         Request ['openid', 'profile', 'email'] by default.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.
@@ -300,8 +304,9 @@ def __init__(self, instance: str, client_id: str, **kwargs):
         default by default.
         :param scope: Scope parameter sent in query. Can also be a list of scopes.
         Request ['openid', 'profile', 'email'] by default.
+        :param redirect_uri_domain: FQDN to use in the redirect_uri when localhost (default) is not allowed.
         :param redirect_uri_endpoint: Custom endpoint that will be used as redirect_uri the following way:
-        http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
+        http://<redirect_uri_domain>:<redirect_uri_port>/<redirect_uri_endpoint>. Default value is to redirect on / (root).
         :param redirect_uri_port: The port on which the server listening for the OAuth 2 token will be started.
         Listen on port 5000 by default.
         :param timeout: Maximum amount of seconds to wait for a token to be received once requested.

diff --git a/tests/auth_helper.py b/tests/auth_helper.py
diff --git a/tests/features/__init__.py b/tests/features/__init__.py
diff --git a/tests/features/multi_auth/__init__.py b/tests/features/multi_auth/__init__.py