Given a uri in the application allowed redirect URIs with a query parameter like
https://example.com/callback.php?data=info
When a user follows an oauth flow that ends up producing an OAuth error after which they are redirected to the callback,
Then the query parameters on the callback uri are malformed. Specifically the oauth error query parameters, i.e. error=invalid_request&error_reason=invalid_origin&error_description=Invalid+origin+uri+https%3A%2Faccounts.google.com will be appended to the redirect uri without the delimiting &.
What happened?
Given a uri in the application allowed redirect URIs with a query parameter like
https://example.com/callback.php?data=info
When a user follows an oauth flow that ends up producing an OAuth error after which they are redirected to the callback,
Then the query parameters on the callback uri are malformed. Specifically the oauth error query parameters, i.e.
error=invalid_request&error_reason=invalid_origin&error_description=Invalid+origin+uri+https%3A%2Faccounts.google.com
will be appended to the redirect uri without the delimiting&
.https://example.com/callback.php?data=infoerror=invalid_request&error_reason=invalid_origin&error_description=Invalid+origin+uri+https%3A%2FFaccounts.google.com
Version
1.51.0
Affects Versions