Open jbdoster opened 1 year ago
I guess really it would be part of this util: https://github.com/openid/AppAuth-JS/blob/39a21adacf2184629f326e36372ccf1990267e7e/src/query_string_utils.ts#L55
We could first test if the string value input[key]
is base64 encoded, and if so, assign the value without encoding
Expected Behavior
Given a key/value pair
preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="
is passed into theextras
scope of theAuthorizationRequest
constructor When theRedirectRequestHandler
callsbuildRequestUrl
Then the query parameter in the URL is&preselectedExternalProvider=YmFzZTY0IHN0cmluZyB2YWx1ZQ==
[REQUIRED] Describe expected behavior
I expect base64 strings to be passed as query parameters safely (without special character encoding)
Describe the problem
The
==
delimiter is being encoded in the authorization request URL created bybuildRequestUrl
within theperformAuthorizationRequest
call[REQUIRED] Actual Behavior
Given a key/value pair
preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="
is passed into theextras
scope of theAuthorizationRequest
constructor When theRedirectRequestHandler
callsbuildRequestUrl
Then the query parameter in the URL is&preselectedExternalProvider=YmFzZTY0IHN0cmluZyB2YWx1ZQ%3D%3D
[REQUIRED] Steps to reproduce the behavior
AuthorizationRequest
constructor a. add this key/value pair in theextras
scope:preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="
performAuthorizationRequest
preselectedExternalProvider
query parameter's value in the network tab after being redirected[REQUIRED] Environment
Source code snippts (inline or JSBin)