Is openid-client port sensitive in case of https?

[bchang11]

Hi @panva,

I've been successfully using openid-client with a custom fetch implementation for a while. Recently, I started working with an Identity Provider whose discovery metadata includes the default HTTPS port (:443) in its endpoint URLs.

  const config = await openidClient.discovery(server, clientId, clientSecret);
  config[openidClient.customFetch] = createCustomFetch

I observed that the url string received by the function assigned to config[openidClient.customFetch] has the :443 port removed, compared to the URL listed in the IDP's discovery metadata.

Example Metadata token_endpoint: https://idp.example.com:443/oauth2/token
Example url received by custom fetch: https://idp.example.com/oauth2/token
My understanding is that this is likely standard URL normalization, as :443 is the default port for https.

Could you confirm if this normalization (removing the default :443 port from URLs before passing them to the custom fetch function) is the expected behavior in openid-client? I primarily want to ensure my understanding is correct.

Thanks!

[panva]

Hello @bchang11

https://developer.mozilla.org/en-US/docs/Web/API/URL

➜  node -p "new URL('http://foo:80').href"  
http://foo/

➜  node -p "new URL('http://foo:8080').href"
http://foo:8080/

➜  node -p "new URL('https://foo:443').href" 
https://foo/

➜  node -p "new URL('https://foo:8083').href"
https://foo:8083/

Does that answer your question? I hope so because I can't quite grasp what the point of it is in the first place.