
Using a wildcard regex in the port part of a redirect URI causes a ValueError #13023

gwennlbh opened this issue Feb 13, 2025 · 2 comments
@gwennlbh

Describe the bug
Using an http://host:port.*-like regex pattern as an authorized redirect URI causes a system error when hitting a token endpoint. Authentik presumably tries to parse out a port number from the regex.

To Reproduce
Steps to reproduce the behavior:

  1. Create app+ OAuth2 provider
  2. Set authorized redirect URIs to http://localhost:4200.* (regex-type)
  3. Try to do an authorization login
  4. See error

Expected behavior
Either the request works, or form validation when setting authorized URIs prevents using this kind of pattern.

Screenshots
Not applicable

Logs

Stacktrace from authentik
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py", line 518, in thread_handler
    raise exc_info[1]
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 253, in _get_response_async
    response = await wrapped_callback(
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py", line 468, in __call__
    ret = await asyncio.shield(exec_coro)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/current_thread_executor.py", line 40, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py", line 522, in thread_handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/decorators.py", line 48, in _wrapper
    return bound_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
    return view_func(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/views/token.py", line 564, in dispatch
    cors_allow(self.request, response, *allowed_origins)
  File "/authentik/providers/oauth2/utils.py", line 50, in cors_allow
    and received_origin.port == url.port
                                ^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/parse.py", line 182, in port
    raise ValueError(f"Port could not be cast to integer value as {port!r}")
builtins.ValueError: Port could not be cast to integer value as '4200.*'

Version and Deployment (please complete the following information):

  • authentik version: 2024.12.3
  • Deployment: [e.g. docker-compose, helm]

Additional context
I'd argue that parsing part of a regex as a port number kind of misleads that the authorized URI is a regex pattern, since you could also do e.g. http://example.com:123[4-9]/callback, or plenty of other things.
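The stack trace above shows the failing comparison: `urllib.parse`'s `.port` property raises `ValueError` as soon as the text after the last colon in the netloc is not an integer, which is exactly what a regex-type redirect URI like `http://localhost:4200.*` contains. The block below is an added example, not authentik's code, to reproduce that error offline and to show one defensive way of answering "is this Origin allowed?" without ever parsing a regex as a port: strict entries are compared as parsed `(scheme, host, port)` triples, and regex entries are matched with `re.fullmatch` against the received origin. The `(uri, is_regex)` entry shape and the "try the bare origin and the origin with a root path" heuristic are assumptions made for this example.

```python
"""Added example, not authentik's code.

Reproduces the ValueError from the issue's stack trace and shows a port
comparison that cannot crash on a regex-type redirect URI: strict entries are
compared as parsed URLs, regex entries are matched with re.fullmatch against
the origin. The (uri, is_regex) entry shape is an assumption for this example.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Scheme default ports so "https://app.example.com" equals "https://app.example.com:443".
DEFAULT_PORTS = {"http": 80, "https": 443}


def port_error(url: str) -> str | None:
    """Return the ValueError message urlparse raises for this URL's port, or None."""
    try:
        urlparse(url).port
    except ValueError as exc:
        return str(exc)
    return None


def safe_port(url: str) -> int | None:
    """Parsed port as an int, or None when absent or not an integer; never raises."""
    try:
        return urlparse(url).port
    except ValueError:
        return None


def _origin_key(url: str) -> tuple[str, str | None, int | None]:
    """(scheme, hostname, effective port) of a URL, filling in the scheme's default port."""
    parsed = urlparse(url)
    port = safe_port(url)
    if port is None:
        port = DEFAULT_PORTS.get(parsed.scheme)
    return parsed.scheme, parsed.hostname, port


def origin_allowed(received_origin: str, entries: list[tuple[str, bool]]) -> bool:
    """True if received_origin is covered by any allowed redirect URI entry.

    entries: (redirect_uri, is_regex) pairs; this shape is assumed for the example.
    """
    for uri, is_regex in entries:
        if not is_regex:
            # Strict entry: compare origin triples; the pattern is never cast to int.
            if _origin_key(received_origin) == _origin_key(uri):
                return True
            continue
        try:
            pattern = re.compile(uri)
        except re.error:
            # An unparseable pattern denies the request instead of crashing it.
            continue
        # A redirect URI normally carries a path, so test the bare origin and the
        # origin with a root path. This is a conservative heuristic chosen here.
        if pattern.fullmatch(received_origin) or pattern.fullmatch(received_origin + "/"):
            return True
    return False


if __name__ == "__main__":
    # Constructed inputs mirroring the issue: the pattern without a slash breaks .port.
    print(port_error("http://localhost:4200.*"))
    print(origin_allowed("http://localhost:4200", [("http://localhost:4200.*", True)]))
```

Two things worth noticing when running it: `http://localhost:4200/.*` (the form that worked in the comment below) parses cleanly because the port text stops at the slash, while `http://localhost:4200.*` does not; and the slash-less pattern is also over-broad, since `.*` directly after the port lets `http://localhost:42001` match as well. Validating regex-type entries at form time and matching them as patterns rather than parsing them as URLs avoids both the crash and that kind of accidental widening.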

@gerrewsb

It's working for me: following your example in step 2, I use http://localhost:4200/.* and get redirected just fine.

@gwennlbh
Author

We didn't include the slash: http://localhost:4200.*
