Backslahes in URI component

  • thakur.suryadeo
    Participant
    # 1 month ago

    I am trying to implement the miniorange oauth server on wordpress. The goal is to use the wordpress credentials to sign as SSO on a client.

    So far I cannot seem to get it working.
    I always see the encoded URL state component has backslashes added to it.

    "https://eabo.gemeinde.de/sso-callback?code=CODE&state=%7B%5C%5C%5C%22sid%5C%5C%5C%22%3A%5C%5C%5C%22SID%5C%5C%5C%22%2C%5C%5C%5C%22url%5C%5C%5C%22%3A%5C%5C%5C%22https%3A%5C%5C%5C%5C%2F%5C%5C%5C%5C%2Feabo.gemeinde.de%5C%5C%5C%5C%2F%5C%5C%5C%22%7D"

    which results in sso login failure with unkown error status.

    When manually decoding the URL string with JS decodeURIComponent



    https://eabo.gemeinde.de/sso-callback?code=CODE&state={\\\\\\"sid\\\\\\":\\\\\\"SID\\\\\\",\\\\\\"url\\\\\\":\\\\\\"https:\\\\\\\\/\\\\\\\\/eabo.gemeinde.de\\\\\\\\/\\\\\\"}

    and remove the backslahes using replace(/\\/g, ”)

    It results into

    https://eabo.gemeinde.de/sso-callback?code=CODE&state={"sid":"SID","url":"https://eabo.gemeinde.de/"}

    And this loggs in successfully. Which tells me the SSO client cannot handle payload with backslashes.

    I want to know if it is the SSO Server or the wordpress adding the backslashes here.

    Or has anyone experienced something similar ? I saw something similar in Stackoverflow post which states that json_encode adds backlashes.

    I just need to confirm if it is a miniorange problem or wordpress

    manaspatil
    Participant
    # 4 weeks, 1 day ago

    Hi there,

    Thank you for bringing this to our attention.

    We have identified the issue you mentioned, the plugin is currently not handling JSON based state parameters correctly and our team is working on a fix for this. We will release this fix in our next release which will be available on the WordPress plugin repository on Friday or early next week.

    If you want you can also reach out to us using the support from in the plugin and we can provide you with a quick patch before the release.

    Thanks,
    Team miniOrange

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.