dougbeal
commented
6 years ago here is the state from https://🕸💍.ws “xxxxxxx%2BprWL6VvMXYUgOn5hg2L1krkFOUjbn9%2FXBrA%3D”
and where is what is sent back “xxxxxxx+prWL6VvMXYUgOn5hg2L1krkFOUjbn9/XBrA”
WordPress IndieAuth is modifying secret when they have encoded spaces (and stripping encoded =), breaking any login attempts that have those in the secret.
07:34 GWG: I made a test case for you for this issue
https://indieauth.rocks/client/state/
(Originally published at: https://crw.moe/b/Uz)