yuukiii/hermes-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(oauth): allow wildcard ChatGPT callback URI pattern

Browse Source 
ChatGPT regenerates its GPT ID (and callback URL) every time the GPT
is saved, making exact redirect_uri matching impossible. Added support
for the registered URI pattern https://chat.openai.com/aip/*/oauth/callback
which matches any valid ChatGPT GPT callback via regex.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Garfield
2026-05-17 00:15:46 -04:00
parent c6504ec60f
commit c270f8f74b
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/oauth.ts
View File

@@ -181,10 +181,14 @@ export async function createAuthCode(
return code;
}
const CHATGPT_CALLBACK_RE = /^https:\/\/chat\.openai\.com\/aip\/g-[a-f0-9]+\/oauth\/callback$/;
export function isValidRedirectUri(uri: string, registeredUris: string[]): boolean {
for (const registered of registeredUris) {
if (registered === uri) return true;
if (registered === 'http://localhost:*' && /^http:\/\/localhost:\d+(\/|$)/.test(uri)) return true;
// Allow any ChatGPT GPT callback — GPT ID changes every time the GPT is saved
if (registered === 'https://chat.openai.com/aip/*/oauth/callback' && CHATGPT_CALLBACK_RE.test(uri)) return true;
}
return false;
}