search

instipod / DuoUniversalKeycloakAuthenticator

Keycloak Authenticator for Duo's new Universal Prompt
GNU General Public License v3.0
50 stars 15 forks source link

RedirectUrl isn't encoded #25

Closed Batigoal closed 7 months ago

Batigoal commented 7 months ago

In the method of createAuthUrl of the Client-Ojbect the query parameters are not URL-encoded!! Especially the redirectUri, which is a security risk and doesn't work for me!

Ansa89 commented 7 months ago

I'm not sure to correctly understand your request. Anyway, I created instipod/DuoUniversalKeycloakAuthenticator#27 that should address it.