This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
Client list cookie issue #41
I thought I'd do that too. I think this change is valid.
This is a bug in ASP.NET Core. We'll do some quick fix here until RC2 releases and fixes this real issue.
BTW, this is the issue tracking the real fix: aspnet/HttpAbstractions#535
Great, thank you!
brockallen added a commit that referenced this issue Feb 21, 2016
Ok, fixed. We'll push an updated nuget this week.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
According to the RFC for cookies (https://tools.ietf.org/html/rfc6265#section-4.1.1), a cookie value may not contain a comma.
However, as part of the `IdentityServer4.Core.Hosting.ClientCookieList.SetClients(IEnumerable<string>)` method (line 64), a JSON-serialized string is created for the list of clients. If there is a single client, this works fine, but when more than one client is authorized, this string is a comma-separated list. When attempting to set the cookie value, anything after the comma is excluded from the cookie value and validation fails.

I propose to convert the string to base64 after serialization, and use that for the value of the cookie. In turn, the cookie would be converted back from a base64 string in the GetClients() method (line 56).
I have modified the code and tested this locally, and can submit a pull request if desired.
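
The failure and the base64 round trip proposed in the issue above, as an added example (not IdentityServer4's code and not the committed fix). The class and helper names, the sample client ids and the use of System.Text.Json are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class ClientListCookieDemo // hypothetical name, not a project type
{
    // RFC 6265 section 4.1.1 cookie-octet:
    // %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
    // (excludes CTLs, whitespace, DQUOTE, comma, semicolon, backslash)
    static bool IsCookieOctet(char c) =>
        c == 0x21 || (c >= 0x23 && c <= 0x2B) || (c >= 0x2D && c <= 0x3A) ||
        (c >= 0x3C && c <= 0x5B) || (c >= 0x5D && c <= 0x7E);

    static bool IsValidCookieValue(string value) => value.All(IsCookieOctet);

    // Serialize the list, then base64 it so only cookie-octets remain.
    static string Encode(IEnumerable<string> clients) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(clients)));

    static IReadOnlyList<string> Decode(string cookieValue)
    {
        try
        {
            string json = Encoding.UTF8.GetString(Convert.FromBase64String(cookieValue));
            return JsonSerializer.Deserialize<List<string>>(json) ?? new List<string>();
        }
        catch (Exception ex) when (ex is FormatException || ex is JsonException)
        {
            // Base64 is an encoding, not integrity protection: the cookie is still
            // client-controlled, so malformed input is treated as "no clients".
            return Array.Empty<string>();
        }
    }

    static void Main()
    {
        var clients = new[] { "client_a", "client_b" }; // constructed sample ids
        string raw = JsonSerializer.Serialize(clients);
        string encoded = Encode(clients);
        Console.WriteLine($"raw     {raw} valid={IsValidCookieValue(raw)}");
        Console.WriteLine($"encoded {encoded} valid={IsValidCookieValue(encoded)}");
        Console.WriteLine($"decoded {string.Join(" ", Decode(encoded))}");
        Console.WriteLine($"garbage -> {Decode("not base64, truncated").Count} clients");
    }
}
```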