fix(redirect): [PM-30810] Https Redirection for Cloud Users - Addressed reviewer feedback.

Patrick-Pimentel-Bitwarden · Patrick-Pimentel-Bitwarden · commit ae47e33ec0da · 2026-02-13T16:59:30.000-05:00
diff --git a/src/Core/Auth/Identity/TokenProviders/DuoUniversalTokenService.cs b/src/Core/Auth/Identity/TokenProviders/DuoUniversalTokenService.cs
@@ -166,9 +166,7 @@ private static bool IsBitwardenCloudHost(string host)
         }
 
         var normalizedHost = host.ToLowerInvariant();
-        return normalizedHost.EndsWith("bitwarden.com") ||
-               normalizedHost.EndsWith("bitwarden.eu") ||
-               normalizedHost.EndsWith("bitwarden.pw");
+        return Constants.BitwardenCloudDomains.Any(d => normalizedHost.EndsWith(d));
     }
 
     private static DuoDeeplinkScheme? GetDeeplinkSchemeOverride(HttpContext httpContext)
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
@@ -33,6 +33,11 @@ public static class Constants
     public const string SSHKeyCipherMinimumVersion = "2024.12.0";
     public const string DenyLegacyUserMinimumVersion = "2025.6.0";
 
+    /// <summary>
+    /// Domain suffixes for Bitwarden cloud-hosted environments.
+    /// </summary>
+    public static readonly string[] BitwardenCloudDomains = ["bitwarden.com", "bitwarden.eu", "bitwarden.pw"];
+
     /// <summary>
     /// Used by IdentityServer to identify our own provider.
     /// </summary>
diff --git a/src/Identity/IdentityServer/ApiClient.cs b/src/Identity/IdentityServer/ApiClient.cs
@@ -1,6 +1,7 @@
 ﻿// FIXME: Update this file to be null safe and then delete the line below
 #nullable disable
 
+using Bit.Core;
 using Bit.Core.Settings;
 using Bit.Identity.IdentityServer.RequestValidators;
 using Duende.IdentityServer.Models;
@@ -82,12 +83,9 @@ public ApiClient(
         }
         else if (id == "mobile")
         {
-            RedirectUris = new[] {
-                "bitwarden://sso-callback",
-                "https://bitwarden.com/sso-callback",
-                "https://bitwarden.eu/sso-callback",
-                "https://bitwarden.pw/sso-callback",
-            };
+            RedirectUris = new[] { "bitwarden://sso-callback" }
+                .Concat(Constants.BitwardenCloudDomains.Select(d => $"https://{d}/sso-callback"))
+                .ToArray();
             PostLogoutRedirectUris = new[] { "bitwarden://logged-out" };
         }
 

Original file line number	Diff line number	Diff line change
`@@ -166,9 +166,7 @@ private static bool IsBitwardenCloudHost(string host)`
`166`	`166`	`}`
`167`	`167`
`168`	`168`	`var normalizedHost = host.ToLowerInvariant();`
`169`		`- return normalizedHost.EndsWith("bitwarden.com") \|\|`
`170`		`- normalizedHost.EndsWith("bitwarden.eu") \|\|`
`171`		`- normalizedHost.EndsWith("bitwarden.pw");`
	`169`	`+ return Constants.BitwardenCloudDomains.Any(d => normalizedHost.EndsWith(d));`
`172`	`170`	`}`
`173`	`171`
`174`	`172`	`private static DuoDeeplinkScheme? GetDeeplinkSchemeOverride(HttpContext httpContext)`