challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address
Log | Files | Refs | Submodules | README | LICENSE

commit 326b063a3f0c83de03a5c0f247e70e33415e0fdf
parent 04520184a0e3625ce1a6b1d978c051b21ffc404e
Author: Christian Grothoff <christian@grothoff.org>
Date:   Mon,  6 Jul 2026 11:14:16 +0200

support redirect URIs with query component by using '&' as separator in that case

Diffstat:
Msrc/challenger/challenger-httpd_common.c | 10++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/challenger/challenger-httpd_common.c b/src/challenger/challenger-httpd_common.c @@ -325,7 +325,11 @@ CH_build_full_redirect_url (const struct CHALLENGER_ValidationNonceP *nonce, } { char *code; + char sep; + /* RFC 6749 3.1.2 permits redirect URIs with a query component; + use '&' as separator if the URI already contains a '?'. */ + sep = (NULL == strchr (client_redirect_uri, '?')) ? '?' : '&'; code = CH_compute_code (nonce, client_secret, client_scope, @@ -334,8 +338,9 @@ CH_build_full_redirect_url (const struct CHALLENGER_ValidationNonceP *nonce, if (NULL == client_state) { GNUNET_asprintf (url, - "%s?code=%s", + "%s%ccode=%s", client_redirect_uri, + sep, code); } else @@ -344,8 +349,9 @@ CH_build_full_redirect_url (const struct CHALLENGER_ValidationNonceP *nonce, url_encoded = TALER_urlencode (client_state); GNUNET_asprintf (url, - "%s?code=%s&state=%s", + "%s%ccode=%s&state=%s", client_redirect_uri, + sep, code, url_encoded); GNUNET_free (url_encoded);