yuukiii/hermes-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(oauth): allow wildcard ChatGPT callback URI pattern

Browse Source 
ChatGPT regenerates its GPT ID (and callback URL) every time the GPT
is saved, making exact redirect_uri matching impossible. Added support
for the registered URI pattern https://chat.openai.com/aip/*/oauth/callback
which matches any valid ChatGPT GPT callback via regex.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Garfield
2026-05-17 00:15:46 -04:00
parent c6504ec60f
commit c270f8f74b
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hermes-k8s.yaml
View File

@@ -22,7 +22,7 @@ spec:
fsGroup: 1000 fsGroup: 1000
containers: containers:
- name: hermes-mcp - name: hermes-mcp
image: localhost:32000/hermes-mcp@sha256:d98ef6d2fde25c11233f614f839b09958bfb772c9a5b26fe8374cf6ffd5417a2 image: localhost:32000/hermes-mcp@sha256:6685df4c86cceeaeb645c9ccee32f9396915a7c30e57f685945056c92516723d
imagePullPolicy: Always imagePullPolicy: Always
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false

4
src/oauth.ts
View File

@@ -181,10 +181,14 @@ export async function createAuthCode(
return code; return code;
} }
const CHATGPT_CALLBACK_RE = /^https:\/\/chat\.openai\.com\/aip\/g-[a-f0-9]+\/oauth\/callback$/;
export function isValidRedirectUri(uri: string, registeredUris: string[]): boolean { export function isValidRedirectUri(uri: string, registeredUris: string[]): boolean {
for (const registered of registeredUris) { for (const registered of registeredUris) {
if (registered === uri) return true; if (registered === uri) return true;
if (registered === 'http://localhost:*' && /^http:\/\/localhost:\d+(\/|$)/.test(uri)) return true; if (registered === 'http://localhost:*' && /^http:\/\/localhost:\d+(\/|$)/.test(uri)) return true;
// Allow any ChatGPT GPT callback — GPT ID changes every time the GPT is saved
if (registered === 'https://chat.openai.com/aip/*/oauth/callback' && CHATGPT_CALLBACK_RE.test(uri)) return true;
} }
return false; return false;
} }