From b938bc7c526da6c28356eb774f74f9c3f0aee674 Mon Sep 17 00:00:00 2001
From: Kagami Sascha Rosylight <saschanaz@outlook.com>
Date: Wed, 14 Jun 2023 23:43:15 +0200
Subject: [PATCH] more description about client id validation

---
 packages/backend/src/server/oauth/OAuth2ProviderService.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
index 4a0775879..c2a57adb3 100644
--- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts
+++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
@@ -26,7 +26,9 @@ import { LoggerService } from '@/core/LoggerService.js';
 import Logger from '@/logger.js';
 import type { FastifyInstance } from 'fastify';
 
-// https://indieauth.spec.indieweb.org/#client-identifier
+// Follows https://indieauth.spec.indieweb.org/#client-identifier
+// This is also mostly similar to https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation
+// although Google has stricter rule.
 function validateClientId(raw: string): URL {
 	// Clients are identified by a [URL].
 	const url = ((): URL => {