Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Client Secret with umlaut is not encoded #10180

Open
WolfgangHG opened this issue Oct 24, 2024 · 0 comments
Open

Client Secret with umlaut is not encoded #10180

WolfgangHG opened this issue Oct 24, 2024 · 0 comments

Comments

@WolfgangHG
Copy link

WolfgangHG commented Oct 24, 2024

I defined a client secret with umlauts in my web service (using OpenIddict for OAuth2 authentication in the service).
When authenticating with SwaggerUI, the login is rejected:
swaggerui

Using Restfox, it works without problems. And Restfox gave me a hint: the request body is url encoded:

client_id=myservice&client_secret=%C3%B6rotkg%C3%B6odrtbjpo%C3%B6id%C3%B6woi4mfwp4wf3tgwp94w9&grant_type=client_credentials

So, I entered the client secret in SwaggerUI the same way, and it worked!

Thus I assume that SwaggerUI does not encode the client secret when sending the request, and I think it is a bug.

This is my original client secret (which fails):
örotkgöodrtbjpoöidöwoi4mfwp4wf3tgwp94w9
And this is url encoded (whichs works if entered like this in the "client_secret" field:
%C3%B6rotkg%C3%B6odrtbjpo%C3%B6id%C3%B6woi4mfwp4wf3tgwp94w9

I use Swashbuckle (https://github.com/domaindrivendev/Swashbuckle.AspNetCore) which currently bundles SwaggerUI 5.17.14

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant