-
Notifications
You must be signed in to change notification settings - Fork 775
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trailing slash in URL breaks the auth flow #446
Comments
I am experiencing this behavior as well. In my case, I define the redirect URL without a slash to pass to the authorization request: The slash can be seen in the
After doing some debugging, in https://github.com/openid/AppAuth-iOS/blob/master/Source/OIDAuthorizationService.m#L116 A potential fix might be to relax the check on |
I had exactly the same problem. A trailing slash in the "path" part (what comes AFTER the "host" part) If the check may be relaxed, I think it should only allow to consider an empty path "" equals to "/" (just a slash and nothing after it). https://searchfacts.com/url-trailing-slash/ As a workaround, I just added a trailing slash to the redirectUrl parameter in AuthorizationRequest initialization. There was seemingly no problems with the identity provider backend. |
Related discussion including workaround in #485. |
Describe the bug
We are using a third party OpenID provider that appends a slash to the redirect URL, e.g.
scheme://my-domain.com/?code=...
(note the trailing slash after my-domain.com). When this URL is opened by the browser, the user is taken back to the app but the auth flow gets stuck. Neither a result nor an error is produced. When the same URL without the trailing slash is opened, everything works fine. We are using AppAuth iOS Version 1.1.Expected behavior
The AppAuth Android library handles this correctly and is ables to extract the authorization code from the URL, which i think should be the expected behavior.
Smartphone (please complete the following information):
Additional context
We are using a thin wrapper around app auth for flutter (https://github.com/MaikuB/flutter_appauth) which should have no effect on the library's function.
The text was updated successfully, but these errors were encountered: