Expected Behavior
Given a key/value pair preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ==" is passed into the extras scope of the AuthorizationRequest constructor
When the RedirectRequestHandler calls buildRequestUrl
Then the query parameter in the URL is &preselectedExternalProvider=YmFzZTY0IHN0cmluZyB2YWx1ZQ==
[REQUIRED] Describe expected behavior
I expect base64 strings to be passed as query parameters safely (without special character encoding)
Describe the problem
The == delimiter is being encoded in the authorization request URL created by buildRequestUrl within the performAuthorizationRequest call
[REQUIRED] Actual Behavior
Given a key/value pair preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ==" is passed into the extras scope of the AuthorizationRequest constructor
When the RedirectRequestHandler calls buildRequestUrl
Then the query parameter in the URL is &preselectedExternalProvider=YmFzZTY0IHN0cmluZyB2YWx1ZQ%3D%3D
[REQUIRED] Steps to reproduce the behavior
- Construct the authorization request using the
AuthorizationRequest constructor
a. add this key/value pair in the extras scope: preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="
- Use this request and call
performAuthorizationRequest
- Check the
preselectedExternalProvider query parameter's value in the network tab after being redirected
[REQUIRED] Environment
- AppAuth-JS version: 1.3.1
- AppAuth-JS Environment (Node, Browser (UserAgent), ...): Browser (React)
- Source code snippts (inline or JSBin)
let request = new AuthorizationRequest({
client_id: config.client_id,
redirect_uri: config.redirect_uri,
scope: config.scope,
response_type: AuthorizationRequest.RESPONSE_TYPE_CODE,
state: undefined,
extras: {
access_type: "offline",
prompt: "consent",
grant_type: GRANT_TYPE_AUTHORIZATION_CODE,
preselectedExternalProvider: config.preselectedExternalProvider,
},
});
if (this.configuration) {
this.authorizationHandler.performAuthorizationRequest(
this.configuration,
request
);
} else {
console.log(
"Fetch Authorization Service configuration, before you make the authorization request."
);
}
Expected Behavior
Given a key/value pair
preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="is passed into theextrasscope of theAuthorizationRequestconstructorWhen the
RedirectRequestHandlercallsbuildRequestUrlThen the query parameter in the URL is
&preselectedExternalProvider=YmFzZTY0IHN0cmluZyB2YWx1ZQ==[REQUIRED] Describe expected behavior
I expect base64 strings to be passed as query parameters safely (without special character encoding)
Describe the problem
The
==delimiter is being encoded in the authorization request URL created bybuildRequestUrlwithin theperformAuthorizationRequestcall[REQUIRED] Actual Behavior
Given a key/value pair
preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="is passed into theextrasscope of theAuthorizationRequestconstructorWhen the
RedirectRequestHandlercallsbuildRequestUrlThen the query parameter in the URL is
&preselectedExternalProvider=YmFzZTY0IHN0cmluZyB2YWx1ZQ%3D%3D[REQUIRED] Steps to reproduce the behavior
AuthorizationRequestconstructora. add this key/value pair in the
extrasscope:preselectedExternalProvider: "YmFzZTY0IHN0cmluZyB2YWx1ZQ=="performAuthorizationRequestpreselectedExternalProviderquery parameter's value in the network tab after being redirected[REQUIRED] Environment