oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client
https://wordpress.org/plugins/daggerhart-openid-connect-generic/

Query String Parameters Not Included in Redirect URL #402

Open nhayduk opened 2 years ago

nhayduk commented 2 years ago

When the "redirect_user_back" setting is true, and the page has a query string parameter (a custom query string parameter, unrelated to any WordPress query string parameters), and uses a permalink, the custom query string parameters are not included in the Redirect URL, so after a successful login, the query string parameters are gone.

I've narrowed down the issue to this code in openid-connect-generic-client-wrapper.php (line 170):

    // Capture the current URL if set to redirect back to origin page.
    if ( $this->settings->redirect_user_back ) {
        if ( ! empty( $wp->request ) ) {
            if ( ! empty( $wp->did_permalink ) && $wp->did_permalink ) {
                $redirect_url = home_url( trailingslashit( $wp->request ) );
            } else {
                $redirect_url = home_url( add_query_arg( null, null ) );
            }
        } else {
            if ( ! empty( $wp->query_string ) ) {
                $redirect_url = home_url( '?' . $wp->query_string );
            }
        }
    }

Specifically, this line does not include the query string parameters:

$redirect_url = home_url( trailingslashit( $wp->request ) );

I'm not sure what the purpose of that line is (or the check for did_permalink), because if I just do this:

if ( ! empty( $wp->did_permalink ) && $wp->did_permalink && false ) {

It works as expected.

So to be clear, this works as expected for me, even for permalinks:

$redirect_url = home_url( add_query_arg( null, null ) );

Can anyone provide some background on the purpose of this?

    if ( ! empty( $wp->did_permalink ) && $wp->did_permalink ) {
        $redirect_url = home_url( trailingslashit( $wp->request ) );
    }

I'd be happy to submit a pull request if that is not needed anymore.
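
An added example, not part of the original issue or the plugin's code: plain PHP that captures the redirect-back URL from the raw request URI, so custom query parameters are kept for both permalink and non-permalink requests, while pinning the result to the site's own scheme and host. The function name, the sample site and the sample URIs are assumptions made for illustration; in WordPress the two inputs would come from `home_url()` and `$_SERVER['REQUEST_URI']`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of the plugin: rebuild the "redirect back"
// URL from the raw request URI so custom query parameters are kept, and pin
// the result to the site's own scheme and host.
function build_redirect_back_url(string $home_url, string $request_uri): string
{
    $home = parse_url($home_url);
    if (!is_array($home) || empty($home['scheme']) || empty($home['host'])) {
        throw new InvalidArgumentException('home URL must be absolute');
    }
    // Only scheme, host and port are taken from the home URL, because the
    // request URI already contains any subdirectory the site lives in.
    $origin = $home['scheme'] . '://' . $home['host']
        . (isset($home['port']) ? ':' . $home['port'] : '');

    // Control characters or spaces never belong in a request URI; fall back
    // to the site root rather than echoing them into a Location header.
    if (preg_match('/[\x00-\x20\x7f]/', $request_uri) === 1) {
        return $origin . '/';
    }

    // Drop any fragment, then split path and query on the first "?".
    $request_uri = explode('#', $request_uri, 2)[0];
    [$path, $query] = array_pad(explode('?', $request_uri, 2), 2, '');

    // Normalise leading slashes and backslashes to a single "/" so the
    // result is always a clean path under the site's origin.
    $path = '/' . ltrim(str_replace('\\', '/', $path), '/');

    return $origin . $path . ($query !== '' ? '?' . $query : '');
}

// Constructed sample requests (assumed site: https://example.test).
$samples = [
    '/members/profile/?campaign=spring&ref=42', // permalink + custom parameters
    '/?p=123&campaign=spring',                  // plain (non-permalink) request
    '//other.example/path?x=1',                 // leading "//" must stay on-site
];
foreach ($samples as $uri) {
    echo build_redirect_back_url('https://example.test', $uri), PHP_EOL;
}
```

Because the captured URL is kept server-side rather than appended to the registered redirect URI, this approach is compatible with a provider that rejects query strings in the redirect URI.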

timnolte commented 2 years ago

I'm pretty sure there is a difference if the alternative Redirect URL feature is used. I'll have to test this out again.

nhayduk commented 2 years ago

We are using the Alternate Redirect URI. We're using the plugin with Azure AD B2C, which doesn't support query string parameters in the redirect URI.

tarundvarma49 commented 1 year ago

If you're experiencing issues with an OpenID Connect (OIDC) redirect URL when it contains a query string, there are a few things you can check and consider:

  1. URL encoding: Ensure that the query string in the redirect URL is properly encoded. Special characters, such as spaces or ampersands, should be encoded using percent encoding. For example, a space should be replaced with "%20," and an ampersand should be replaced with "%26."

  2. URL length limitations: Some systems impose limitations on the length of URLs they can handle. If the query string or the overall length of the URL exceeds the allowed limit, it might cause issues. Check the documentation or contact the system or framework you're using to verify if there are any restrictions on URL length.

  3. URL validation and parsing: Verify that the OIDC client library or framework you are using correctly handles URLs with query strings. It should be able to parse the URL and extract the necessary components (e.g., query parameters) without any issues. If you suspect an issue with the library, consider updating it to the latest version or seeking support from the library's developers.

  4. Server-side handling: Ensure that the server-side code handling the OIDC redirect URL properly handles query strings. The server should be able to parse the query parameters and extract the required information for further processing. Double-check your server-side code implementation to ensure that it handles query strings correctly.

  5. URL configuration: Check the configuration of the OIDC provider or authentication server. It's possible that the provider has specific requirements or limitations related to query strings in the redirect URL. Review the provider's documentation or contact their support for any specific guidelines on redirect URLs with query strings.

By reviewing and addressing these potential issues, you should be able to resolve any problems with OIDC redirect URLs that contain query strings.