search

FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io
90 stars 12 forks source link

[Bug]: Incorrect redirect uri query parameters for oauth error redirects when the redirect uri has a query parameter configured #2767

Open lyleschemmerling opened 4 weeks ago

lyleschemmerling commented 4 weeks ago

What happened?

Given a uri in the application allowed redirect URIs with a query parameter like

https://example.com/callback.php?data=info

When a user follows an oauth flow that ends up producing an OAuth error after which they are redirected to the callback,

Then the query parameters on the callback uri are malformed. Specifically the oauth error query parameters, i.e. error=invalid_request&error_reason=invalid_origin&error_description=Invalid+origin+uri+https%3A%2Faccounts.google.com will be appended to the redirect uri without the delimiting &.

https://example.com/callback.php?data=infoerror=invalid_request&error_reason=invalid_origin&error_description=Invalid+origin+uri+https%3A%2FFaccounts.google.com

Version

1.51.0

Affects Versions