From c55d9784fe2a5c31b6f8faeb7b0a0e13c6e3629a Mon Sep 17 00:00:00 2001
From: Kagami Sascha Rosylight <saschanaz@outlook.com>
Date: Fri, 16 Jun 2023 22:54:39 +0200
Subject: [PATCH] migration todo

---
 packages/backend/src/server/oauth/OAuth2ProviderService.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
index ded2786a26..8d55929ac4 100644
--- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts
+++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
@@ -27,6 +27,10 @@ import Logger from '@/logger.js';
 import type { ServerResponse } from 'node:http';
 import type { FastifyInstance } from 'fastify';
 
+// TODO: Consider migrating to @node-oauth/oauth2-server once
+// https://github.com/node-oauth/node-oauth2-server/issues/180 is figured out.
+// Upstream the redirection URI validation below and RFC9207 implementation in that case.
+
 // Follows https://indieauth.spec.indieweb.org/#client-identifier
 // This is also mostly similar to https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation
 // although Google has stricter rule.