Friday, 09 June 2023
Good morning,

I'm struggling with an issue I didn't have before (I think).
I tested authentication using both TsgcHTTP_OAuth2_Client & Postman a couple of versions back and both work fine.
Upon a client starting to test, Postman and their environment are failing with a 408 (the new OAuth2OAuth2Unauthorized catches (thank you)), and it's down to the redirect URL not being decoded.

TsgcHTTP_OAuth2_Client is passing unencoded, Postman encoded:

sgc:
GET /oauth2/auth?response_type=code&client_id=client-id&redirect_uri=http://127.0.0.1:8080&scope=Administrator&state=605B22FF41024245999B23704532340C HTTP/1.1

Postman:
GET /oauth2/auth?response_type=code&client_id=client-id&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080 HTTP/1.1

If I hack:
vRedirectURI := TIdURI.URLDecode(oParams.Values['redirect_uri']);
aRequest.Redirect_URI := TIdURI.URLDecode(oParams.ValueFromIndex[i])

It works, but isn't the answer. Is it possible in future to decode the Params? I know they are used everywhere, so a lot of work/testing.

Ryszard
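The behaviour asked for above, as an added example that is not part of the original post and is not sgcWebSockets code (Python is used here so the check can be run anywhere): the query string is split first, each value is percent-decoded exactly once, and the result is compared by exact match with the registered redirect URI. `REGISTERED`, `parse_auth_request` and `redirect_uri_allowed` are hypothetical names, and the registration table is constructed for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed registration table (assumption): client_id -> exact redirect URIs.
REGISTERED = {"client-id": {"http://127.0.0.1:8080"}}

# The two request lines quoted in the post.
SGC_LINE = ("GET /oauth2/auth?response_type=code&client_id=client-id"
            "&redirect_uri=http://127.0.0.1:8080&scope=Administrator"
            "&state=605B22FF41024245999B23704532340C HTTP/1.1")
POSTMAN_LINE = ("GET /oauth2/auth?response_type=code&client_id=client-id"
                "&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080 HTTP/1.1")
# Constructed: the same value percent-encoded twice by a misbehaving client.
DOUBLE_LINE = ("GET /oauth2/auth?response_type=code&client_id=client-id"
               "&redirect_uri=http%253A%252F%252F127.0.0.1%253A8080 HTTP/1.1")


def parse_auth_request(request_line):
    """Return the query parameters of a request line, decoded exactly once."""
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError("expected a GET authorization request")
    query = urlsplit(target).query
    # parse_qsl splits on '&' and '=' before decoding, so an encoded '&' or '='
    # inside redirect_uri cannot be mistaken for a parameter separator.
    params = {}
    for name, value in parse_qsl(query, keep_blank_values=True,
                                 strict_parsing=True):
        if name in params:
            # Repeated parameters make the request ambiguous; reject it.
            raise ValueError(f"duplicate parameter: {name}")
        params[name] = value
    return params


def redirect_uri_allowed(params):
    """Exact string match of the decoded redirect_uri against the registration."""
    allowed = REGISTERED.get(params.get("client_id"), set())
    return params.get("redirect_uri") in allowed


if __name__ == "__main__":
    for label, line in (("sgc", SGC_LINE), ("Postman", POSTMAN_LINE),
                        ("double-encoded", DOUBLE_LINE)):
        p = parse_auth_request(line)
        print(label, repr(p["redirect_uri"]), redirect_uri_allowed(p))
```

Decoding once at the point where the parameters are parsed, instead of at each place a value is read, keeps the comparison consistent and avoids a second decode further down the code path.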