Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

breakfix: Login hint and Additional Scopes broken #23

Closed
dbranco-sdc opened this issue Jul 25, 2022 · 4 comments
Closed

breakfix: Login hint and Additional Scopes broken #23

dbranco-sdc opened this issue Jul 25, 2022 · 4 comments
Assignees
@greenpau
Labels
breakfix

Comments

@dbranco-sdc
Copy link
Contributor

When using one of this features, the separator for the "Location" when redirecting remains as "?" instead "&". The configureRedirect function should be responsible to update the separator value after adding login_hint and/or additional_scopes.

Current behaviour:

/auth/oauth2/MyRealm?login_hint=dbranco+nothing@byom.de?redirect_url=http://localhost:8095/somewhere?login_hint=dbranco%2Bnothing%40byom.de

Expected:

/auth/oauth2/MyRealm?login_hint=dbranco+nothing@byom.de&redirect_url=http://localhost:8095/somewhere?login_hint=dbranco%2Bnothing%40byom.de
@nekrondev nekrondev mentioned this issue Jul 25, 2022
Closed
@nekrondev
Copy link

Yea.. run into this issue with redirecting to expired HTML pages (see https://github.com/authp/authp.github.io/issues/38):

File: pkg/authz/handlers/redirect.go

Just set the "&" separator after login_hint or additional_scopes had been added.

        if len(rr.Redirect.LoginHint) > 0 {
                loginHint := rr.Redirect.LoginHint
                escapedLoginHint := url.QueryEscape(loginHint)
                rr.Redirect.AuthURL = fmt.Sprintf("%s%slogin_hint=%s", rr.Redirect.AuthURL, rr.Redirect.Separator, escapedLoginHint)
                rr.Redirect.Separator = "&"
        }

        if len(rr.Redirect.AdditionalScopes) > 0 {
                additionalScopes := rr.Redirect.AdditionalScopes
                escapedAdditionalScopes := url.QueryEscape(additionalScopes)
                rr.Redirect.AuthURL = fmt.Sprintf("%s%sadditional_scopes=%s", rr.Redirect.AuthURL, rr.Redirect.Separator, escapedAdditionalScopes)
                rr.Redirect.Separator = "&"
        }

@dbranco-sdc
Copy link
Contributor Author

Yea.. run into this issue with redirecting to expired HTML pages (see authp/authp.github.io#38):

File: pkg/authz/handlers/redirect.go

Just set the "&" separator after login_hint or additional_scopes had been added.

        if len(rr.Redirect.LoginHint) > 0 {
                loginHint := rr.Redirect.LoginHint
                escapedLoginHint := url.QueryEscape(loginHint)
                rr.Redirect.AuthURL = fmt.Sprintf("%s%slogin_hint=%s", rr.Redirect.AuthURL, rr.Redirect.Separator, escapedLoginHint)
                rr.Redirect.Separator = "&"
        }

        if len(rr.Redirect.AdditionalScopes) > 0 {
                additionalScopes := rr.Redirect.AdditionalScopes
                escapedAdditionalScopes := url.QueryEscape(additionalScopes)
                rr.Redirect.AuthURL = fmt.Sprintf("%s%sadditional_scopes=%s", rr.Redirect.AuthURL, rr.Redirect.Separator, escapedAdditionalScopes)
                rr.Redirect.Separator = "&"
        }

Thanks for your answer, this was my fault when added the Additional Scopes functionality. I will add the fix plus going to write some tests to avoid forget this kind of things.

@dbranco-sdc dbranco-sdc mentioned this issue Aug 4, 2022
Merged
@TobiX TobiX mentioned this issue Aug 17, 2022
Closed
@greenpau
Copy link
Owner

Merged.

@greenpau
Copy link
Owner

FYI, the fix is now a part of v1.1.15 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@greenpau greenpau

Labels
breakfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@greenpau @nekrondev @dbranco-sdc