Hi all, when using the implict grant and passing a state parameter which contains special characters the state parameter in the returned redirect doesn't match.
Example: https://localhost:25443/ffauth/oauth2.0/authorize?response_type=token&client_id=swagger&redirect_uri=http%3A%2F%2Flocalhost%3A24080%2Fffwebservices%2Fswagger%2Foauth2-redirect.html&scope=write%20read&state=RnJpIEphbiAyNCAyMDIwIDA5OjQ4OjM3IEdNVCswMTAwIChNaXR0ZWxldXJvcMOkaXNjaGUgTm9ybWFsemVpdCk%3D leads to a redirect to: http://localhost:24080/ffwebservices/swagger/oauth2-redirect.html#access_token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.ZXlKNmFYQWlPaUpFUlVZaUxDSmhiR2NpT2lKa2FYSWlMQ0psYm1NaU9pSkJNVEk0UTBKRExVaFRNalUySWl3aVkzUjVJam9pU2xkVUlpd2lkSGx3SWpvaVNsZFVJbjAuLml6NjUycnV5LV9IRXN4RTBNckRudEEuWUFmNThMN2FjanM5cExoVVpjR1hma3pYc1lrSnpFUkQtSmp6V0VyTDNMUW0tSEdVZV9Pa3FESEhnalRySVMweDhoRkhQb2JCQy12RGJnWWlxT2wyUTJONGNVMTZ3bEJCcjlMUEg3Qjk4MUUzQ1ltN0Vlb2pCa2N3VjlwZ3J3TDIwVndnc0xIbmNFc1VPZV9ic1NidnRURVM3RElxVWJfbjVUUk1OYy01TmROTGRjd2Z1V3VGNTRkcXpCMGQ3R3ZieTNqdXZJNEkwMHNpOTEyMGRoNGRsU1hxMEdDV0VwOWE3cWVaTnZSa1hWYlRrcFZHaFRNbUFBOXBkT2k2dWlrb3ZfSFNwYVRKczBkMnN3REN5ejhzVk4xUEJfamRDU3dla0dxanR5WkxZcTdnNktGMEtIZGFlakZhTzVfdk9rNkYyODNBQ2RHcmVhSjBXNjhJc2dhQkYwVUhHMUNXYzdlNDB3LTEzQk1ZTW9SazhOLVoxR092TTVreTN5elJLUnZ1OTRXelFXd0dsYl9aWmNYLW11Wldsd0JyNVFUaTItZlpDeUVFNXZuMG9zcy5jQ0xnMkYwUGdMOC1ENHl0V091djNn.n2rpw9_bXKx78LdxjSyET6xCkN5je9q-KJD_M_llMmOaDH5XZzpKTIl1cLzjz-5Ewg6WQYvM1oufkLMPeZSOKg&token_type=bearer&expires_in=86400&state=RnJpIEphbiAyNCAyMDIwIDA5OjQ4OjM3IEdNVCswMTAwIChNaXR0ZWxldXJvcMOkaXNjaGUgTm9ybWFsemVpdCk%253D As you can see the '%' is returned URL encoded as '%25'. This leads to errors like: *auth warning*Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server. In addition it seems to violate https://tools.ietf.org/html/rfc6749#section-4.2.1 Regards David -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/85797ff7-ffa6-4370-a4d6-ec9ac698a33a%40apereo.org.
