Fixes escaping issues with OAuth 1.0 request tokens and cookies.

DotNetOpenAuth · Jun 10, 2013 · c645128 · c645128
1 parent c4f656a
commit c645128
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/CookieTemporaryCredentialStorage.cs b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/CookieTemporaryCredentialStorage.cs
@@ -64,7 +64,8 @@ public void SaveTemporaryCredential(string identifier, string secret) {
 			}
 
 			var encryptedToken = ProtectAndEncodeToken(identifier, secret);
-			cookie.Values[identifier] = encryptedToken;
+			var escapedIdentifier = Uri.EscapeDataString(identifier);
+			cookie.Values[escapedIdentifier] = encryptedToken;
 
 			this.httpContext.Response.Cookies.Set(cookie);
 		}
@@ -81,8 +82,9 @@ public KeyValuePair<string, string> RetrieveTemporaryCredential() {
 				return new KeyValuePair<string, string>();
 			}
 
-			string identifier = cookie.Values.GetKey(0);
-			string secret = DecodeAndUnprotectToken(identifier, cookie.Values[identifier]);
+			string escapedIdentifier = cookie.Values.GetKey(0);
+			string identifier = Uri.UnescapeDataString(escapedIdentifier);
+			string secret = DecodeAndUnprotectToken(identifier, cookie.Values[escapedIdentifier]);
 			return new KeyValuePair<string, string>(identifier, secret);
 		}