From 62dc44062da495b4107e9b8598730de20eab3104 Mon Sep 17 00:00:00 2001
From: Tim Smid
Date: Fri, 15 Dec 2023 09:45:17 +0100
Subject: [PATCH] Cast SERVER_PORT to integer

---
 CHANGELOG.md | 5 +++++
 src/OpenIDConnectClient.php | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d4be9ff7..a2f0d4b2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [unreleased]
+
+### Fixed
+- Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
+
 ## [1.0.0] - 2023-12-13
 
 ### Added
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index 6aa80b17..aea060fc 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -696,7 +696,7 @@ public function getRedirectURL(): string
 if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) {
 $port = (int)$_SERVER['HTTP_X_FORWARDED_PORT'];
 } elseif (isset($_SERVER['SERVER_PORT'])) {
- $port = $_SERVER['SERVER_PORT'];
+ $port = (int)$_SERVER['SERVER_PORT'];
 } elseif ($protocol === 'https') {
 $port = 443;
 } else {
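Review bot: The added `(int)` cast on `$_SERVER['SERVER_PORT']` fixes the type but does not validate the value: an empty or non-numeric string becomes 0, and anything outside 1–65535 passes through unchanged. The same holds for the `HTTP_X_FORWARDED_PORT` branch just above it, which reads a request header that any client can set unless a trusted reverse proxy overwrites it. Because this port ends up in the OIDC redirect URL, I would range-check it after the chain and fall back to the scheme default, e.g. `if ($port < 1 || $port > 65535) { $port = $protocol === 'https' ? 443 : 80; }`. A comment on the first branch such as `// X-Forwarded-Port is client-controlled unless set by a trusted proxy; configure the redirect URL explicitly when that cannot be guaranteed` would also help deployers. getRedirectURL starts and ends outside the hunk, so how `$port` is later compared and appended to the URL is presumed rather than visible here.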