diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
index 7ce98b9559606..2e982380f61fc 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -4,6 +4,8 @@
 import static io.quarkus.oidc.runtime.OidcIdentityProvider.REFRESH_TOKEN_GRANT_RESPONSE;
 import java.net.URI;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
@@ -940,7 +942,7 @@ private CodeAuthenticationStateBean getCodeAuthenticationBean(String[] parsedSta
 Authentication authentication = configContext.oidcConfig.authentication;
 boolean pkceRequired = authentication.pkceRequired.orElse(false);
 if (!pkceRequired && !authentication.nonceRequired) {
- bean.setRestorePath(parsedStateCookieValue[1]);
+ bean.setRestorePath(URLDecoder.decode(parsedStateCookieValue[1], StandardCharsets.UTF_8));
 return bean;
 }
@@ -1177,7 +1179,7 @@ private String encodeExtraStateValue(CodeAuthenticationStateBean extraStateValue
 throw new AuthenticationCompletionException(ex);
 }
 } else {
- return extraStateValue.getRestorePath();
+ return URLEncoder.encode(extraStateValue.getRestorePath(), StandardCharsets.UTF_8);
 }
 }
diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
index 3b1e45505da7c..efc8f9016876e 100644
--- a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
+++ b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
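Review bot: In getCodeAuthenticationBean (CodeAuthenticationMechanism.java) the new `URLDecoder.decode(parsedStateCookieValue[1], StandardCharsets.UTF_8)` runs on a cookie segment that this branch takes as-is from the client, and `URLDecoder.decode` throws `IllegalArgumentException` on a malformed percent escape. A tampered state cookie, or one issued before this change whose raw path contains a `%`, would surface as an unchecked exception instead of a failed authentication; adding `catch (IllegalArgumentException ex) { throw new AuthenticationCompletionException(ex); }` around the call would match how encodeExtraStateValue reports errors. The decoded path remains client-controlled in this branch, so whatever consumes `getRestorePath()` (outside the hunk) should keep treating it as untrusted input. The method body starts and ends outside the hunk.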
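Review bot: The else branch of encodeExtraStateValue (CodeAuthenticationMechanism.java) now encodes the restore path without saying why, and the reason is not evident from the call itself. A comment such as `// URL-encode: the path is stored unencrypted after the '|' state cookie delimiter, so it must not contain '|' or characters unsafe in a cookie value` would record the intent and the pairing with the decode in getCodeAuthenticationBean (the `|` delimiter is what the tests in this commit split on). If `getRestorePath()` can be null on this path, `URLEncoder.encode` now throws a NullPointerException where the old code returned null; the caller is outside the hunk, so that needs confirming. The method starts above the hunk.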
@@ -11,6 +11,7 @@
 import java.io.IOException;
 import java.net.URI;
+import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.Base64;
@@ -1561,12 +1562,12 @@ private String getStateCookieStateParam(Cookie stateCookie) {
 private String getStateCookieSavedPath(WebClient webClient, String tenantId) {
 String[] parts = getStateCookie(webClient, tenantId).getValue().split("\\|");
- return parts.length == 2 ? parts[1] : null;
+ return parts.length == 2 ? URLDecoder.decode(parts[1], StandardCharsets.UTF_8) : null;
 }
 private String getStateCookieSavedPath(Cookie stateCookie) {
 String[] parts = stateCookie.getValue().split("\\|");
- return parts.length == 2 ? parts[1] : null;
+ return parts.length == 2 ? URLDecoder.decode(parts[1], StandardCharsets.UTF_8) : null;
 }
 private Cookie getSessionCookie(WebClient webClient, String tenantId) {
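Review bot: The two getStateCookieSavedPath overloads in CodeFlowTest.java now repeat the same split-and-decode expression, so the WebClient variant could delegate with `return getStateCookieSavedPath(getStateCookie(webClient, tenantId));` and keep the cookie format in one place. As far as this hunk shows, the tests only adapt the helpers to the encoded cookie. A case whose saved path contains `|`, a space or a `%` would pin the behaviour the encoding is meant to guarantee, and a state cookie with a malformed escape would cover the rejection path.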