Skip to content

Add DCR redirect URI allowlist setting to integrations config docs#8807

Open
Combs7th wants to merge 4 commits intov11.5-documentationfrom
claude/issue-8806-20260309-2321
Open

Add DCR redirect URI allowlist setting to integrations config docs#8807
Combs7th wants to merge 4 commits intov11.5-documentationfrom
claude/issue-8806-20260309-2321

Conversation

@Combs7th
Copy link
Contributor

@Combs7th Combs7th commented Mar 9, 2026

Documents the new DCR Redirect URI Allowlist config.json setting and System Console field added in Mattermost server v11.5 for OAuth Dynamic Client Registration (DCR) security (MM-67605).

Closes #8806

Generated with Claude Code

vish9812 and others added 3 commits March 9, 2026 19:44
@vish9812 @wiggin77
update slack migration docs (#8741)
3630b12 
* update docs

---------

Co-authored-by: Doug Lauder <wiggin77@warpmail.net>
@amyblais @esethna
Clarify heading in deprecated features doc (#8804)
4ae87e7 
* Update deprecated-features.rst

* Update deprecated-features.rst

---------

Co-authored-by: Eric Sethna <14333569+esethna@users.noreply.github.com>
@github-actions @Combs7th
Add DCR redirect URI allowlist setting to integrations config docs
bca8f38 
Documents the new DCRRedirectURIAllowlist config.json setting and
System Console field added in Mattermost server v11.5 for OAuth
Dynamic Client Registration (DCR) security.

Co-authored-by: Combs7th <Combs7th@users.noreply.github.com>
@Combs7th Combs7th changed the base branch from master to v11.5-documentation March 9, 2026 23:35
@Combs7th Combs7th requested review from esethna and nickmisasi March 9, 2026 23:35
@Combs7th Combs7th added 1: Dev Review Requires review by a core commiter 2: Editor Review Requires review by an editor Guidance labels Mar 9, 2026
@Combs7th Combs7th added this to the v11.5.0 milestone Mar 9, 2026
@Combs7th
Copy link
Contributor Author

Combs7th commented Mar 9, 2026

@nickmisasi - Tagging you for dev review. Do the above changes look accurate?

@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026

Newest code from mattermost has been published to preview environment for Git SHA bca8f38

nickmisasi
nickmisasi requested changes Mar 10, 2026
View reviewed changes
source/administration-guide/configure/integrations-configuration-settings.rst Outdated
DCR redirect URI allowlist
~~~~~~~~~~~~~~~~~~~~~~~~~~

A list of permitted redirect URIs for OAuth Dynamic Client Registration (DCR). Enter one redirect URI per line. When configured, only OAuth clients that register via the DCR endpoint (``POST /api/v4/oauth/apps/register``) with a redirect URI matching an entry in this list will be accepted. Leave blank to allow any redirect URI.
Copy link
Contributor

@nickmisasi nickmisasi Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The redirect URI's are comma separated not line separated

@nickmisasi
Copy link
Contributor

nickmisasi commented Mar 10, 2026

There's also a bunch of slack import stuff in here I'm not sure if is intentional. I am not the best person to review those docs

@Combs7th
Copy link
Contributor Author

Combs7th commented Mar 12, 2026

@claude, please revise the docs update to address the following review feedback:

  • Correct the setting description to say the redirect URIs are comma-separated, not line-separated.
  • Keep the explanation aligned to the actual product behavior.
  • Re-check the unrelated Slack import changes in this doc and confirm whether they are intentional. If they are not required for this PR, remove them from the proposed update.

@claude
Copy link
Contributor

claude bot commented Mar 12, 2026
edited
Loading

Claude finished @Combs7th's task in 5m 36s —— View job

Changes completed

Here's a summary of what was done:

Fix: Redirect URI description corrected

In integrations-configuration-settings.rst, both the :description: directive attribute and the body text at line 173 were updated to say comma-separated instead of "Enter one redirect URI per line", aligning with the actual product behavior.

Unrelated changes removed

The two other modified files were changed by unrelated commits that were in the branch history but not part of this PR's scope:

This PR now only contains the DCR redirect URI allowlist documentation changes, as intended.

@github-actions @Combs7th
Fix DCR redirect URI docs: comma-separated, revert unrelated changes
0fdaccf 
- Update DCR redirect URI allowlist description to correctly state that
  URIs are comma-separated (not line-separated), addressing review feedback
- Revert migrate-from-slack.rst to its pre-PR state (changes from PR #8741
  are unrelated to this DCR feature and should not be in this PR)
- Revert deprecated-features.rst to its pre-PR state (changes from PR #8804
  are unrelated to this DCR feature and should not be in this PR)

Co-authored-by: Combs7th <Combs7th@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 12, 2026

Newest code from mattermost has been published to preview environment for Git SHA 0fdaccf

@Combs7th
Copy link
Contributor Author

Combs7th commented Mar 12, 2026
edited
Loading

@nickmisasi - I think the 2nd round of corrections that Claude helped with above are likely accurate now. Is there any dev you'd recommend I add here for technical review before we move to Eric for the merging?

@amyblais amyblais requested a review from nickmisasi March 13, 2026 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esethna esethna Awaiting requested review from esethna

@nickmisasi nickmisasi Awaiting requested review from nickmisasi

Assignees

No one assigned

Labels

1: Dev Review Requires review by a core commiter 2: Editor Review Requires review by an editor Guidance

Projects

None yet

Milestone

v11.5.0

Development

Successfully merging this pull request may close these issues.

Add DCR redirect URI allowlist for OAuth DCR

4 participants

@Combs7th @nickmisasi @vish9812 @amyblais