Bug: login_hit parameter during /openid-connect/auth call doesnt handle + sign in the email. #283
Description
Capacitor version:
Run npx cap doctor:
@capacitor/cli: 6.1.0
@capacitor/core: 6.1.0
@capacitor/android: 6.1.0
@capacitor/ios: 6.1.0
Library version:
- 3.0.1
- 2.1.0
- 2.0.0
- other: (Please fill in the version you are using.)
OAuth Provider:
- Azure AD (B2C)
- Github
- Other: (Please fill in the provider you are using.)
Your Plugin Configuration
const config: CapacitorConfig = {
appId: 'myapp.cs',
appName: 'MyApp',
webDir: 'dist'
};Affected Platform(s):
- Android
- Version/API Level:
- Device Model:
- Content of your
AndroidManifest.xml
- iOS
- Version/API Level:
- Device Model:
- Content of your
Info.plist
- Web
- Browser:
Current Behavior
If the email id present in the login hint contains '+' sign then it doesnt get properly URL component encoded. Its just getting URI encoded causing the receiving system to skip the + sign in the login hint.
If I do a encodeURIComponent of the login hint then the + sign gets double encoded to %202B. If I dont do encodeURIComponent then it only get encodeURI and + sing will be missing.
I analyzed the code in web-util.js and I think below is the problem
static getAuthorizationUrl(options: WebOptions): string {
let url = options.authorizationBaseUrl + '?client_id=' + options.appId;
url += '&response_type=' + options.responseType;
if (options.redirectUrl) {
url += '&redirect_uri=' + options.redirectUrl;
}
if (options.scope) {
url += '&scope=' + options.scope;
}
url += '&state=' + options.state;
if (options.additionalParameters) {
for (const key in options.additionalParameters) {
url += '&' + key + '=' + options.additionalParameters[key];
}
}
if (options.pkceCodeChallenge) {
url += '&code_challenge=' + options.pkceCodeChallenge;
url += '&code_challenge_method=' + options.pkceCodeChallengeMethod;
}
return **encodeURI(url);**
}
Expected Behavior
Each query string parameter should be URIComponent encoded and not encodeURI to be called.
static getAuthorizationUrl(options: WebOptions): string {
let url = options.authorizationBaseUrl + '?client_id=' + encodeURIComponent(options.appId);
url += '&response_type=' + encodeURIComponent(options.responseType);
if (options.redirectUrl) {
url += '&redirect_uri=' + encodeURIComponent(options.redirectUrl);
}
if (options.scope) {
url += '&scope=' + encodeURIComponent(options.scope);
}
url += '&state=' + encodeURIComponent(options.state);
if (options.additionalParameters) {
for (const key in options.additionalParameters) {
url += '&' + key + '=' + encodeURIComponent(options.additionalParameters[key]);
}
}
if (options.pkceCodeChallenge) {
url += '&code_challenge=' + encodeURIComponent(options.pkceCodeChallenge);
url += '&code_challenge_method=' + encodeURIComponent(options.pkceCodeChallengeMethod);
}
return url;
}
Request your help in this matter.