Post Logout Redirect Validation w/ Custom URL Scheme Namespace

[sethtomy]

Preflight checklist

• [x] I could not find a solution in the existing issues, docs, nor discussions.
• [x] I agree to follow this project's Code of Conduct.
• [x] I have read and am following this repository's Contribution Guidelines.
• [ ] I have joined the Ory Community Slack.
• [x] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

I am trying to create a Client for a mobile app with Custom URL Scheme Namespaces but it fails with the error:

post_logout_redirect_uri 'tnt-mobile://logout' must match the domain, port, scheme of at least one of the registered redirect URIs but did not

Reproducing the bug

On further investigation it looks like this is happening here.

I've written the following to verify:

package main

import (
	"fmt"
	"net/url"
)

func main() {
	r, err := url.Parse("tnt-mobile://authorize-callback")
	if err != nil {
		fmt.Println("Error:", err)
		return
	}
	u, err := url.Parse("tnt-mobile://logout")
	if err != nil {
		fmt.Println("Error:", err)
		return
	}
	var found bool
	fmt.Println("r.Hostname():", r.Hostname())
	fmt.Println("u.Hostname():", u.Hostname())
	fmt.Println("r.Port():", r.Port())
	fmt.Println("u.Port():", u.Port())
	fmt.Println("r.Scheme:", r.Scheme)
	fmt.Println("u.Scheme:", u.Scheme)
	if r.Hostname() == u.Hostname() &&
		r.Port() == u.Port() &&
		r.Scheme == u.Scheme {
		found = true
	}
	fmt.Println("Found:", found)
}

Relevant log output

with output:


r.Hostname(): authorize-callback
u.Hostname(): logout
r.Port(): 
u.Port(): 
r.Scheme: tnt-mobile
u.Scheme: tnt-mobile
Found: false

Relevant configuration

Version

2.3.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response