istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh
Apache License 2.0
217 stars 63 forks

"Retrieve token: invalid form" in a logged-in session window. #205

Closed incfly closed 2 years ago

incfly commented 2 years ago

Both @nacx and @vikaschoudhary16 mentioned they run into issues that:

  1. callback URL redirection fails with an empty page and a 403.
  2. the authservice prints out an error log such as retrieve token: invalid form.
  3. after using an incognito window, it works.

After some instrumentation, @vikaschoudhary16 found that this could be due to an encoding format issue.

what happens is that if I am doing a fresh login into a google account as part of getting the authz code, then in the callback api, the browser provides the code in the encoded format, which is expected by authservice and it works

if I am already logged in and I retry getting an authorization code for a new session, this time the browser provides the authz code, in the query params of the callback uri, in the decoded format which has characters like /

this fails in authservice as authservice expects only encoded format

like %2f for /

will it be okay if we, authservice, look for reserved characters in the auth code and if found.. that means the code is already in decoded form and skip decoding
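To make the failure mode above concrete, here is an added example (not authservice's own code, and not the fix incfly shipped in the PR): a small callback query-string parser with two modes. Strict mode models the behaviour described in this thread, where a bare reserved character such as `/` in the `code` value makes the whole form invalid; tolerant mode percent-decodes valid `%XX` escapes and passes any other character through literally, so the same authorization code is recovered whether the browser sent it encoded or already decoded. The function names, `Mode` enum and the two sample callback queries are all constructed for this example.

```cpp
// Added example, not part of the authservice code base. Function names,
// the Mode enum and the sample queries below are constructed for illustration.
#include <cctype>
#include <iostream>
#include <map>
#include <optional>
#include <string>
#include <string_view>

using Params = std::map<std::string, std::string>;

enum class Mode { Strict, Tolerant };

// Hex digit to its value; the caller has already checked isxdigit().
static int hexVal(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  return std::tolower(static_cast<unsigned char>(c)) - 'a' + 10;
}

// Percent-decode one key or value from the callback query string.
// Strict: any bare gen-delim (":/?#[]@") is rejected, which is the
//         "invalid form" behaviour the issue describes for an already
//         decoded code containing '/'.
// Tolerant: bare characters are kept literally; only a malformed '%'
//           escape (not followed by two hex digits) is rejected.
std::optional<std::string> percentDecode(std::string_view in, Mode mode) {
  static constexpr std::string_view kReserved = ":/?#[]@";
  std::string out;
  out.reserve(in.size());
  for (size_t i = 0; i < in.size(); ++i) {
    const char c = in[i];
    if (c == '%') {
      if (i + 2 >= in.size() ||
          !std::isxdigit(static_cast<unsigned char>(in[i + 1])) ||
          !std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
        return std::nullopt;  // malformed escape in either mode
      }
      out.push_back(static_cast<char>(hexVal(in[i + 1]) * 16 + hexVal(in[i + 2])));
      i += 2;
    } else if (mode == Mode::Strict && kReserved.find(c) != std::string_view::npos) {
      return std::nullopt;  // a bare '/' from an already-decoded code lands here
    } else {
      out.push_back(c);
    }
  }
  return out;
}

// Split "k=v&k2=v2" into a map, decoding each key and value. nullopt if any
// component fails to decode in the chosen mode.
std::optional<Params> parseQuery(std::string_view query, Mode mode) {
  Params params;
  while (!query.empty()) {
    const size_t amp = query.find('&');
    const std::string_view pair = query.substr(0, amp);
    query = (amp == std::string_view::npos) ? std::string_view{} : query.substr(amp + 1);
    if (pair.empty()) continue;
    const size_t eq = pair.find('=');
    const std::string_view rawValue =
        (eq == std::string_view::npos) ? std::string_view{} : pair.substr(eq + 1);
    auto key = percentDecode(pair.substr(0, eq), mode);
    auto value = percentDecode(rawValue, mode);
    if (!key || !value) return std::nullopt;
    params[*key] = *value;  // last occurrence wins
  }
  return params;
}

// Pull the authorization code out of a callback query string, if present.
std::optional<std::string> callbackCode(std::string_view query, Mode mode) {
  auto params = parseQuery(query, mode);
  if (!params) return std::nullopt;
  auto it = params->find("code");
  if (it == params->end() || it->second.empty()) return std::nullopt;
  return it->second;
}

// Constructed callback queries. kEncoded is the shape a fresh login sends;
// kDecoded is the shape seen on a repeat login in an already signed-in window.
constexpr std::string_view kEncoded = "code=4%2F0AX4Xabc%2Fdef&state=s1";
constexpr std::string_view kDecoded = "code=4/0AX4Xabc/def&state=s1";

int main() {
  for (auto q : {kEncoded, kDecoded}) {
    auto strict = callbackCode(q, Mode::Strict);
    auto tolerant = callbackCode(q, Mode::Tolerant);
    std::cout << q << "\n  strict:   " << (strict ? *strict : "<invalid form>")
              << "\n  tolerant: " << (tolerant ? *tolerant : "<invalid form>") << "\n";
  }
  return 0;
}
```

The tolerant decoder is deliberately not "decode twice": it never re-interprets a `%` that is already literal data, and it still rejects a truncated or non-hex escape, so a garbled callback is reported rather than silently passed to the token endpoint. One caveat worth checking in any real fix: if an identity provider ever issued a code containing a literal `%XX` sequence, tolerant decoding of the already-decoded form would alter it, which is why comparing the decoded value against what the token endpoint accepts (as vikaschoudhary16 did with the incognito test) is the right end-to-end check.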

incfly commented 2 years ago

Given this has appeared in two recent setup, I think it's worth looking a bit further.

incfly commented 2 years ago

@nacx @vikaschoudhary16 You could try this image gcr.io/jianfeih-test-321318/authservice:0124a to replace with your authservice deployment. This should fix the problem.

nacx commented 2 years ago

I'll try this week. Thanks! JFTR, I switched to Auth0 for my demo and the issue does not manifest there.

vikaschoudhary16 commented 2 years ago

@nacx @vikaschoudhary16 You could try this image gcr.io/jianfeih-test-321318/authservice:0124a to replace with your authservice deployment. This should fix the problem.

It should work Jianfei. I tried a hack similar to the changes in the PR a couple of days back and that got it working.