First of all, thanks for the library.
When I have a Provider callback that contains already a query string, the final redirect location seems to be malformed
Callback
http://localhost:3000/connect/keycloak/redirect?referrer=%2Fen%2Fsearch
Redirect Location
http://localhost:3000/connect/keycloak/redirect?referrer=%2Fen%2Fsearch?id_token=abcdefg
As you can see the query symbol (?) is already included in the Callback.
When the Redirect Location is created, the query symbol gets added again (see before id_token).
This issue creates problems when you try to parse the final URL
let url = new URL(`http://localhost:3000/connect/keycloak/redirect?referrer=%2Fen%2Fsearch?id_token=abcdefg`)
console.log(url.searchParams.get('id_token')) // null
console.log(url.searchParams.get('referrer')) // "/en/search?id_token=abcdefg"
This comes from this line
|
? `${provider.callback || '/'}?${qs.stringify(output)}` |
Meanwhile, this gets fixed, I'm using this patch workaround
patches/grant+5.4.24.patch
diff --git a/node_modules/grant/lib/response.js b/node_modules/grant/lib/response.js
index e67a013..430f746 100644
--- a/node_modules/grant/lib/response.js
+++ b/node_modules/grant/lib/response.js
@@ -105,7 +105,8 @@ var transport = ({provider, input, input:{params, state, session}, output}) => (
? output
: (!provider.transport || provider.transport === 'querystring')
- ? `${provider.callback || '/'}?${qs.stringify(output)}`
+ /* https://github.com/simov/grant/pull/329 */
+ ? `${provider.callback || '/'}${(provider.callback || '').includes('?') ? '&' : '?'}${qs.stringify(output)}`
: provider.transport === 'session'
? provider.callback
Redirect Location with patch
http://localhost:3000/connect/keycloak/redirect?referrer=%2Fen%2Fsearch&id_token=abcdef
First of all, thanks for the library.
When I have a Provider
callbackthat contains already a query string, the final redirect location seems to be malformedCallback
Redirect Location
As you can see the query symbol (
?) is already included in the Callback.When the Redirect Location is created, the query symbol gets added again (see before
id_token).This issue creates problems when you try to parse the final URL
This comes from this line
grant/lib/response.js
Line 108 in 500ab20
Meanwhile, this gets fixed, I'm using this patch workaround
patches/grant+5.4.24.patch
Redirect Location with patch