@timsmid thank you for this, after upgrading to 1.0.0 we couldn't log in with Okta due to redirect URI mismatch so adding :443 to the allowed URL's in Okta allowed us to work around this bug until your PR is merged.

Any news on this topic? We're facing this bug as well

thank you @timsmid !

PR merged -> close

⚠️ Note that now having always :443 inside the redirect_uri breaks a lot of SSO sites, that have whitelisted in their firewall e.g. mydomain.com/* but not mydomain.com:443/*.

Is there any option to prevent that :443 gets added?

That is exactly the problem that this issue (and PR) solved. The port will be dropped from the redirect URL if it is 443 or 80. See https://github.com/jumbojett/OpenID-Connect-PHP/blob/470895e/src/OpenIDConnectClient.php#L716

$port = (443 === $port) || (80 === $port) ? '' : ':' . $port;

Previously, $port contained 443 as a string, which caused the port to be incorrectly included in the redirect URL. With the latest version of this library, the redirect URL should not contain :443.

Strange, in my case the :443 is always added, even with this exact code.

I have error_log'ed the $port variable, it is 443. Still it is added to the URL.

error_log( gettype($port) );

gives string not int.

That's why (443 === $port) is false, not true.

Ah, now I see that in my version it is: $port = $_SERVER['SERVER_PORT']; and not $port = (int)$_SERVER['SERVER_PORT'];

Case closed.