Closed rbarrois closed 11 months ago
Alumnforce performs HTML escaping on the OIDC authorization query. This is invalid, and refused by compliant implementations of OIDC.
Until that is fixed, silently replace '&' with '&' in their query.
NB: If they perform HTML escaping on other parameters of the URL, this middleware will have to be updated.
Alumnforce performs HTML escaping on the OIDC authorization query. This is invalid, and refused by compliant implementations of OIDC.
Until that is fixed, silently replace '&' with '&' in their query.
NB: If they perform HTML escaping on other parameters of the URL, this middleware will have to be updated.