Skip to content

OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963

New issue
New issue
Closed
Closed
OAuth2AuthorizationCodeGrantFilter should also match on query parameters#7963
Assignees
jgrandja
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
5.3.0
@jgrandja

Description

@jgrandja
jgrandja
opened on Feb 10, 2020

The current implementation of OAuth2AuthorizationCodeGrantFilter does not match on the query parameters that may be contained in the registered redirect_uri.

As per spec, in section 3.1.2 Redirection Endpoint:

The redirection endpoint URI MUST be an absolute URI as defined by
[RFC3986] Section 4.3. The endpoint URI MAY include an
"application/x-www-form-urlencoded" formatted (per Appendix B) query
component ([RFC3986] Section 3.4), which MUST be retained when adding
additional query parameters. The endpoint URI MUST NOT include a
fragment component.

We should apply this fix to ensure the OAuth2AuthorizationCodeGrantFilter also matches on the query parameters.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions