Haufe-Lexware / wicked.haufe.io

An API Management system based on Mashape Kong
http://wicked.haufe.io

AuthServer Configuration: Hyphen in auth method name causes login issues #222

Closed Iblis closed 4 years ago

Iblis commented 4 years ago

For successful login, the login route in wicked.ui checks for the state and splits it via hyphen: https://github.com/apim-haufe-io/wicked.ui/blob/0b0973b8dc3a633cb0a424a224cf73323b89dd4a/routes/login.js#L94

This code causes issues if the auth server's name contains a hyphen. You will get a Status Code 400 (Callback state has an invalid format) because the stateList will contain more than 2 items.

Possible solutions

DonMartin76 commented 4 years ago

Ouch. Thanks for reporting. Most configurations just use a single authorization server (default) and thus never see this issue.

I see the second solution as the best solution; a hyphen should be allowed in the authorization server name.

Leaving this issue open for now until I (or somebody else) has time to fix this.

DonMartin76 commented 4 years ago

This is actually happening not only if the auth server contains a hyphen, but also if an auth method contains a hyphen. And that is pretty bad.

DonMartin76 commented 4 years ago

Will be fixed in 1.0.0-rc.10. Sorry for the inconvenience.

DonMartin76 commented 4 years ago

(Changed state splitter to an exclamation mark instead of a hyphen; this was a little unfortunate)
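
The failure discussed in this thread, reproduced as an added example (not wicked.ui code and not part of any comment above). The state layout `<nonce><delimiter><authMethodId>`, the sample values and all function names are assumptions; the second parser, which cuts at the first delimiter only and checks the method against the configured list, goes beyond the fix mentioned in the thread.

```javascript
// Added example, not wicked.ui code. Assumed layout: "<nonce><delim><authMethodId>".
const HEX_NONCE = /^[0-9a-f]{16,64}$/;
const BAD_STATE = { status: 400, error: 'Callback state has an invalid format' };

// Parser in the style the issue describes: split on every delimiter and
// demand exactly two parts.
function parseStateSplitAll(state, delim) {
  const stateList = state.split(delim);
  if (stateList.length !== 2) return BAD_STATE;
  return { status: 200, nonce: stateList[0], authMethodId: stateList[1] };
}

// Delimiter-tolerant parser: the nonce is assumed to be server-generated hex,
// so cut at the FIRST delimiter only, then validate both halves explicitly.
function parseStateFirstDelim(state, delim, configuredMethods) {
  const cut = state.indexOf(delim);
  if (cut < 0) return BAD_STATE;
  const nonce = state.slice(0, cut);
  const authMethodId = state.slice(cut + delim.length);
  if (!HEX_NONCE.test(nonce) || !configuredMethods.includes(authMethodId)) {
    return BAD_STATE;
  }
  return { status: 200, nonce, authMethodId };
}

// Constructed sample values (hypothetical nonce and auth method names).
const NONCE = '3f9a1c0b7d2e4a68';
const METHODS = ['local', 'corp-adfs', 'legacy!saml'];

// Status code each parser returns for each configured method name.
function demo() {
  return METHODS.map((m) => ({
    method: m,
    hyphen: parseStateSplitAll(`${NONCE}-${m}`, '-').status,
    bang: parseStateSplitAll(`${NONCE}!${m}`, '!').status,
    firstDelim: parseStateFirstDelim(`${NONCE}-${m}`, '-', METHODS).status,
  }));
}

console.log(demo());
```

With a split-everything parser, whichever character is chosen as the delimiter becomes reserved in auth method and auth server names, so it is worth rejecting it when the configuration is loaded.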