OAuthv2 policy encoding issue for special character # in redirectURI

We are seeing an issue using the OAuthv2 policy in a multi-legged OAuth. We have a scenario where the policy fails when the redirect URI (form param) has a "#" character. The content type of the request is application/x-www-form-urlencoded.

It is surprising that even when the consumer sends the redirect URI encoded/decoded, the string is decoded while the policy is reading data from the input, and it fails with a 500 status code.

Is it expected that the policy decodes the form param content? Is it something Apigee can fix?

Note: This issue can be mitigated by force encoding the data by using a JS function - encodeURIComponent()

1 REPLY

I don't know if Apigee can fix this, possibly.

We'd need a reproduction or illustration.

Since you have a workaround that's pretty easy... maybe you can just use that?
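
An added illustration, not part of the original thread and not Apigee's code: what one form-decoding pass does to a `#` in `redirect_uri`, and why a literal `#` matters once the value is reused as a URI. It runs under Node.js; the sample URI and all helper names are constructed for this example.

```javascript
// Added illustration (Node.js); not Apigee's implementation. All values are constructed.
const SAMPLE = "https://client.example/cb#frag"; // constructed redirect URI containing '#'

// A form parser decodes each application/x-www-form-urlencoded value exactly once.
function readRedirectUri(body) {
  return new URLSearchParams(body).get("redirect_uri");
}

// Hypothetical helper: what server-side code sees for three client encodings.
function decodedViews(uri) {
  const once = encodeURIComponent(uri);
  return {
    raw: readRedirectUri("redirect_uri=" + uri),
    encodedOnce: readRedirectUri("redirect_uri=" + once),
    encodedTwice: readRedirectUri("redirect_uri=" + encodeURIComponent(once)),
  };
}

// RFC 6749 section 3.1.2: a redirection endpoint URI must not include a fragment,
// so a decoded value that still holds '#' is worth rejecting or logging explicitly.
function hasFragment(uri) {
  return uri.includes("#");
}

// Appending the authorization code to a URI that still holds a literal '#'
// places the parameter inside the fragment, so it is no longer a query parameter.
function codeAsSeenByClient(redirectUri, code) {
  const sep = redirectUri.includes("?") ? "&" : "?";
  return new URL(redirectUri + sep + "code=" + code).searchParams.get("code");
}

// Re-encode only the '#', as encodeURIComponent() would, before reusing the value.
function reencodeHash(uri) {
  return uri.replace(/#/g, encodeURIComponent("#"));
}

const views = decodedViews(SAMPLE);
console.log(views);
console.log("fragment after one decode:", hasFragment(views.encodedOnce));
console.log("code with literal '#':", codeAsSeenByClient(views.encodedOnce, "abc"));
console.log("code with '%23':", codeAsSeenByClient(reencodeHash(views.encodedOnce), "abc"));
```

Sent raw or encoded once, the value arrives with a literal `#` after decoding; only a doubly encoded value still carries `%23` at that point.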