Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Authentication Client
Labels:
None

Steps to Reproduce:

Hide

Make a request to a secured resources with a bearer token containing characters that needs URL encoding like a plus sign.
See reproducer repository: https://github.com/ZhivkoDelchev/elytron-oauth2-token-encoding-reproducer

Show
Make a request to a secured resources with a bearer token containing characters that needs URL encoding like a plus sign. See reproducer repository: https://github.com/ZhivkoDelchev/elytron-oauth2-token-encoding-reproducer
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/2132

When using io.quarkus:quarkus-elytron-security-oauth2 to secure http resources with Bearer tokens they are sent to the introspect endpoint without URL Encoding.
The content type of the request is "application/x-www-form-urlencoded" and RFC-6750 allows usage of characters that needs to be encoded.

Assignee:: Farah Juma

Reporter:: Zhivko Delchev (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/04/26 8:57 AM

Updated:: 2024/06/05 7:58 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates