U2F redirect comes w/ semicolons #141
Comments
Is this new behavior (starting with chrome95), or has it been like this for a while?
Looks like this behavior started with the merge of https://go-review.googlesource.com/c/go/+/325697/ in go1.17. I rebuilt my container recently with the newer version of Go, so that's when it started for me. I have a Chromebook I haven't used in a while running 93.0.4577.107 and I was able to reproduce the issue.
Rebuilt keymaster using golang:1.16 and am no longer having an issue. Rebuilding with go1.17 was the cause of the issue.
There are actually 2 issues regarding this issue:
I was originally focused on 1, and it is related to the way we use the template/html code to generate our passed back parameters. I have ideas on this but it is not as simple for testing. I will work soonish on 2 so that at least we are much more correct, even if not user friendly.
Tested and resolved.
Fixes issue Cloud-Foundations#141 and should fix issue Cloud-Foundations#2.
I am using keymaster as an openid connect provider. I use a U2F hardware key and Chrome 95.
After U2F SignResponse I am redirected to
/idp/oauth2/authorize?access_type=offline&client_id=<REDACTED>&redirect_uri=https://<REDACTED>/callback&response_type=code&scope=openid+profile+email+offline_access&state=<REDACTED>
This is causing an issue w/ the golang net/http which no longer allows semicolons in req.URL.RawQuery per line 2873.
Error in keymaster log:
http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192
Error in the browser: '500 Internal Server Error'
This does not occur when I use TOTP. This also does not occur when I log in to keymaster directly using U2F, only when it is part of an openid connect login for a different endpoint. Additionally I have no issue if I login to keymaster first and then navigate to my openid connect endpoint.
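The parsing behaviour behind the log message above, as an added example that is not code from keymaster or from the original report. It assumes the semicolons come from each "&" in the redirect query being HTML-escaped to "&amp;"; the sample query, `splitQuery` and `repairQuery` are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// escapedQuery is a constructed sample: an authorize query like the one in the
// report, with each "&" HTML-escaped to "&amp;" (assumed cause of the semicolons).
const escapedQuery = "access_type=offline&amp;client_id=example-client" +
	"&amp;response_type=code&amp;scope=openid+profile&amp;state=xyz"

// splitQuery mirrors what url.ParseQuery does since go1.17: pairs are split
// on "&" only, and any pair that contains ";" is dropped.
func splitQuery(raw string) (kept, dropped []string) {
	for _, pair := range strings.Split(raw, "&") {
		if strings.Contains(pair, ";") {
			dropped = append(dropped, pair)
		} else if pair != "" {
			kept = append(kept, pair)
		}
	}
	return kept, dropped
}

// repairQuery undoes only the literal "&amp;" escaping and then parses
// strictly: a query that still contains ";" is rejected, not partially parsed.
func repairQuery(raw string) (url.Values, error) {
	fixed := strings.ReplaceAll(raw, "&amp;", "&")
	if strings.Contains(fixed, ";") {
		return nil, errors.New("query still contains ';' after unescaping")
	}
	return url.ParseQuery(fixed)
}

func main() {
	vals, err := url.ParseQuery(escapedQuery)
	fmt.Println("go1.17+ ParseQuery:", vals, "err:", err)
	kept, dropped := splitQuery(escapedQuery)
	fmt.Println("kept:", kept, "dropped:", dropped)
	fixed, err := repairQuery(escapedQuery)
	fmt.Println("repaired:", fixed, "err:", err)
}
```

With the escaped query only `access_type` survives parsing, so an OpenID Connect authorize handler never sees `client_id`, `response_type` or `state`. Unescaping on the server is a workaround; emitting the redirect URL without HTML escaping removes the cause.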