Update allowlisted OAuth redirect URIs for Wear OS (#77411)

homeassistant/components/auth/indieauth.py

@@ -38,9 +38,15 @@ async def verify_redirect_uri(
 
     # Whitelist the iOS and Android callbacks so that people can link apps
     # without being connected to the internet.
-    if redirect_uri == "homeassistant://auth-callback" and client_id in (
-        "https://home-assistant.io/android",
-        "https://home-assistant.io/iOS",
+    if (
+        client_id == "https://home-assistant.io/iOS"
+        and redirect_uri == "homeassistant://auth-callback"
+    ):
+        return True
+
+    if client_id == "https://home-assistant.io/android" and redirect_uri in (
+        "homeassistant://auth-callback",
+        "https://wear.googleapis.com/3p_auth/io.homeassistant.companion.android",
     ):
         return True
 

tests/components/auth/test_indieauth.py

@@ -183,3 +183,16 @@ async def test_verify_redirect_uri_android_ios(client_id):
         assert not await indieauth.verify_redirect_uri(
             None, "https://incorrect.com", "homeassistant://auth-callback"
         )
+
+        if client_id == "https://home-assistant.io/android":
+            assert await indieauth.verify_redirect_uri(
+                None,
+                client_id,
+                "https://wear.googleapis.com/3p_auth/io.homeassistant.companion.android",
+            )
+        else:
+            assert not await indieauth.verify_redirect_uri(
+                None,
+                client_id,
+                "https://wear.googleapis.com/3p_auth/io.homeassistant.companion.android",
+            )