phavekes
commented
2 hours ago https://github.com/OpenConext/OpenConext-oidcng/commit/1e37b3df9d263e3e92561fc28c0f5376f6c5f486 (Okke Harsta - Jun 7, 2024)
Closed phavekes closed 2 hours ago
phavekes
commented
2 hours ago https://github.com/OpenConext/OpenConext-oidcng/commit/1e37b3df9d263e3e92561fc28c0f5376f6c5f486 (Okke Harsta - Jun 7, 2024)
This issue is imported from pivotal - Originaly created at Jun 4, 2024 by Bart Geesink
Previously we added the decoding / encoding option for the state parameter: https://github.com/OpenConext/OpenConext-oidcng/commit/be98010ca0f47ce987a55650a32f8d285fe49039 Allthough technically correct, it provides a challenge to existing installations (since some parties send the state parameter encoded, and do not mind it comes back decoded). So I am afraid we have to undo this change, or make it configurable, so new installations can make use of the correct way to return the state parameter.