From 4fd3a59d8aec2367b6fb6f0b1c4b3839b87a4a80 Mon Sep 17 00:00:00 2001
From: Marc Plano-Lesay <kernald@enoent.fr>
Date: Fri, 25 Jul 2025 22:41:26 +1000
Subject: [PATCH] nixos/kanidm: accept originUrls following rfc8252 (#428204)

(cherry picked from commit 0d25584641be0de922df034fc12c045ea6b90393)
---
 nixos/modules/services/security/kanidm.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index cf076e826640..970fbbfbb182 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -548,7 +548,7 @@ in
                 description = "The redirect URL of the service. These need to exactly match the OAuth2 redirect target";
                 type =
                   let
-                    originStrType = types.strMatching ".*://.*$";
+                    originStrType = types.strMatching ".*://?.*$";
                   in
                   types.either originStrType (types.nonEmptyListOf originStrType);
                 example = "https://someservice.example.com/auth/login";