http://redmine.emweb.be/http://redmine.emweb.be/favicon.ico?16934085252015-02-15T21:55:07ZRedmineWt - Feature #3799: Error in the code class of RedirectEndpointhttp://redmine.emweb.be/issues/3799?journal_id=106862015-02-15T21:55:07ZKoen Deforchekoen@emweb.be
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Koen Deforche</i></li></ul><p>Hey,</p>
<p>I don't understand the issue you are hinting at. The difference between your suggested solution and the current implementation is that you do not perform any URL decoding of the state variable. But URL decoding is required when reading a parameter value from the URL?</p>
<p>The third party server should implement proper URL encoding when resending the state variable.</p>
<p>Koen</p>
Wt - Feature #3799: Error in the code class of RedirectEndpointhttp://redmine.emweb.be/issues/3799?journal_id=107762015-02-24T09:58:17ZGeorgiy Gluhoedov
<ul></ul><p>Hi,</p>
<p>Wt send encode state:</p>
<pre><code>uZGNJeBkdSfDL73JfLGgCg%3d%3d%7chttp%3a//localhost%3a8080/%3fwtd%3dyIEoQyIGUNiY9R0c%26request%3dresource%26resource%3dop0s7tw%26rand%3d0
</code></pre>
<p>But Russian social network [[[https://vk.com/]]] returns the decoded state value:</p>
<pre><code>uZGNJeBkdSfDL73JfLGgCg==|http://localhost:8080/?wtd=yIEoQyIGUNiY9R0c&request=resource&resource=op0s7tw&rand=0
</code></pre>
<p>Wt get parameter state:</p>
<pre><code>const std::string *stateE = request.getParameter("state");
</code></pre>
<p>And the value of the variable does not contain all data, only those, who have been to the first character '&'</p>
<pre><code>uZGNJeBkdSfDL73JfLGgCg==|http://localhost:8080/?wtd=yIEoQyIGUNiY9R0c
</code></pre> Wt - Feature #3799: Error in the code class of RedirectEndpointhttp://redmine.emweb.be/issues/3799?journal_id=107832015-02-24T23:01:29ZKoen Deforchekoen@emweb.be
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Feature</i></li><li><strong>Status</strong> changed from <i>Feedback</i> to <i>InProgress</i></li><li><strong>Target version</strong> set to <i>3.3.4</i></li></ul><p>That's a bug in the Russian social network --- it should re-encode the state properly. We could work around this by avoiding '&' in the state, by encoding a '&' with a another special character that does not confound URL query string parsing.</p>
Wt - Feature #3799: Error in the code class of RedirectEndpointhttp://redmine.emweb.be/issues/3799?journal_id=107942015-02-27T09:52:09ZGeorgiy Gluhoedov
<ul></ul><p>Koen Deforche wrote: </p>
<blockquote>
<p>That's a bug in the Russian social network --- it should re-encode the state properly. We could work around this by avoiding '&' in the state, by encoding a '&' with a another special character that does not confound URL query string parsing.</p>
</blockquote>
<p>I wrote to them about this error (that they departed from the standard OAuth 2.0) but I was ignored. This error occurs in many Russian social networks.</p>
<p>BR, Georgiy.</p>
Wt - Feature #3799: Error in the code class of RedirectEndpointhttp://redmine.emweb.be/issues/3799?journal_id=108292015-03-02T17:09:49ZKoen Deforchekoen@emweb.be
<ul><li><strong>Status</strong> changed from <i>InProgress</i> to <i>Resolved</i></li></ul> Wt - Feature #3799: Error in the code class of RedirectEndpointhttp://redmine.emweb.be/issues/3799?journal_id=110382015-03-17T07:20:40ZKoen Deforchekoen@emweb.be
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>