OAuth2AuthorizationRequest additionalParameters urlencoding #9213
Labels
in: oauth2
status: duplicate
Describe the bug
Got an invalid URL if defining, for example, a JSON string as an additional parameter for OAuth2AuthorizationRequest.
In addition, if defining an already URL-encoded parameter for OAuth2AuthorizationRequest, still got an invalid URL because the parameter is now URL-encoded again.
To Reproduce
Case 1:
Define a custom OAuth authorization request with an extra parameter as described in: https://www.baeldung.com/spring-security-custom-oauth-requests
Add parameter 'claims' with value: '{"userinfo":{"name":null}}'
-> the resulting redirect url is invalid because the claims parameter value is not urlencoded
Case 2:
Define a custom OAuth authorization request with a URL-encoded parameter.
Add parameter 'claims' with value: '%7B%22userinfo%22%3A%7B%22name%22%3Anull%7D%7D'
-> the resulting redirect url is invalid because the claims parameter is now double urlencoded as:
claims=%257B%2522userinfo%2522%253A%257B%2522name%2522%253Anull%257D%257D
Expected behavior
Setting an extra parameter should produce a valid URL-encoded request parameter for the redirect URL.
Sample
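The two reported cases and the encode-once behaviour the issue asks for, reproduced with JDK classes only. This is an added example, not part of the original issue and not Spring Security's code; the class name, helper methods, endpoint and client id are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class AdditionalParameterEncoding {
    // Percent-encode a raw value once. URLEncoder emits form encoding,
    // so '+' (space) is rewritten to %20 for use in a URL query.
    static String encodeOnce(String raw) {
        return URLEncoder.encode(raw, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Callers pass raw values only; this is the single place encoding happens.
    static String buildUrl(String base, Map<String, String> rawParams) {
        return base + "?" + rawParams.entrySet().stream()
                .map(e -> encodeOnce(e.getKey()) + "=" + encodeOnce(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    static boolean isValidUri(String candidate) {
        try {
            new URI(candidate);
            return true;
        } catch (URISyntaxException ex) {
            return false;
        }
    }

    public static void main(String[] args) {
        String base = "https://idp.example.com/authorize"; // constructed endpoint
        String rawClaims = "{\"userinfo\":{\"name\":null}}";

        // Case 1: raw JSON concatenated into the query is rejected by java.net.URI.
        System.out.println("case 1 valid: " + isValidUri(base + "?claims=" + rawClaims));

        // Case 2: a value that is already encoded gets its '%' turned into %25.
        String preEncoded = encodeOnce(rawClaims);
        System.out.println("case 2 claims=" + encodeOnce(preEncoded));
        // Expected behaviour: raw values in, one encoding pass at URL build time.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("client_id", "demo-client"); // constructed value
        params.put("claims", rawClaims);
        String url = buildUrl(base, params);
        System.out.println(url + " valid: " + isValidUri(url));
    }
}
```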