From 6f27735e4525d8cb426076b76bbaccf17a69b1d0 Mon Sep 17 00:00:00 2001
From: Guillaume Smet
Date: Wed, 21 Aug 2024 18:39:20 +0200
Subject: [PATCH] Encode URL in OIDC cookie
Fix #31802
---
 .../quarkus/oidc/runtime/CodeAuthenticationMechanism.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
index 7ce98b9559606..2e982380f61fc 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -4,6 +4,8 @@ import static io.quarkus.oidc.runtime.OidcIdentityProvider.REFRESH_TOKEN_GRANT_RESPONSE;
 import java.net.URI;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
@@ -940,7 +942,7 @@ private CodeAuthenticationStateBean getCodeAuthenticationBean(String[] parsedSta
 Authentication authentication = configContext.oidcConfig.authentication;
 boolean pkceRequired = authentication.pkceRequired.orElse(false);
 if (!pkceRequired && !authentication.nonceRequired) {
- bean.setRestorePath(parsedStateCookieValue[1]);
+ bean.setRestorePath(URLDecoder.decode(parsedStateCookieValue[1], StandardCharsets.UTF_8));
 return bean;
 }
@@ -1177,7 +1179,7 @@ private String encodeExtraStateValue(CodeAuthenticationStateBean extraStateValue
 throw new AuthenticationCompletionException(ex);
 }
 } else {
- return extraStateValue.getRestorePath();
+ return URLEncoder.encode(extraStateValue.getRestorePath(), StandardCharsets.UTF_8);
 }
 }
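Review bot: `URLDecoder.decode` on the new `bean.setRestorePath(...)` line throws `IllegalArgumentException` when the cookie's restore-path segment contains a malformed percent sequence (a trailing `%` or `%zz`), and the hunk adds no handling for it; the state cookie is client-supplied, so a tampered or truncated value now surfaces as an unhandled runtime exception instead of an authentication failure. Report it the way the encrypted branch reports its errors in the `encodeExtraStateValue` hunk: `try { bean.setRestorePath(URLDecoder.decode(parsedStateCookieValue[1], StandardCharsets.UTF_8)); } catch (IllegalArgumentException ex) { throw new AuthenticationCompletionException(ex); }`. Whether a caller already catches `IllegalArgumentException` is not visible here, and `getCodeAuthenticationBean` starts before the hunk. Cookies written by the previous version hold the path unencoded, so a literal `%` or `+` in such a cookie will be misread (or rejected) after an upgrade; worth a note in the fix description if such restore paths occur.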
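Review bot: `URLEncoder.encode` on the new `return` line throws `NullPointerException` when `extraStateValue.getRestorePath()` is null, whereas the replaced line returned null; if a null restore path can reach this branch (not visible from the hunk, and `encodeExtraStateValue` starts outside it), preserve the old behaviour with `String restorePath = extraStateValue.getRestorePath(); return restorePath == null ? null : URLEncoder.encode(restorePath, StandardCharsets.UTF_8);`. The choice of `URLEncoder` (form encoding, space becomes `+`) is only correct because the read side in `getCodeAuthenticationBean` uses the matching `URLDecoder`, and nothing records that pairing; a comment on the return such as `// URL-encode the path so reserved characters cannot corrupt the state cookie value; decoded with URLDecoder in getCodeAuthenticationBean` would keep the two sides from drifting apart.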