Double encoding of URL query string when using redirect_to in sign_in_with_oauth #246

Closed
chermdev opened this issue Mar 7, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@chermdev

chermdev commented Mar 7, 2023

Bug report

Describe the bug

I'm trying to use the redirect_to option when authorizing with a provider in sign_in_with_oauth, but the URL str value is encoded twice:

  1. from http://localhost:8000/user/
  2. to http%3A//localhost%3A8000/user/
  3. and finally the request to http%253A%2F%2Flocalhost%253A8000%2Fuser%2F

This is creating 2 issues: first, the redirect_to option is not working because it's not matching the allowed redirect URLs from Supabase, and second, the redirect URL is incorrect.

To Reproduce

  1. Sign in with github or any provider and send a redirect_to value

```python
provider = "github"
redirect_to = "http://localhost:8000/user/"

supabase.auth.sign_in_with_oauth({
    "provider": provider,
    "options": {
        "redirect_to": redirect_to
    }
})
```

  2. We can debug the value from the _get_url_for_provider function in https://github.com/supabase-community/gotrue-py/blob/3ec751bbc97f6917fd7c3aace24dfb67e23efbda/gotrue/_sync/gotrue_client.py#L825-L833

  3. at the start of the function the values are:

```python
provider = "github"
params = {'redirect_to': 'http://localhost:8000/user/'}
```

  4. after each quote(v) the params are encoded:
    https://github.com/supabase-community/gotrue-py/blob/3ec751bbc97f6917fd7c3aace24dfb67e23efbda/gotrue/_sync/gotrue_client.py#L830-L831

```python
params = {'redirect_to':'http%3A//localhost%3A8000/user/', 'provider':'github'}
```

  5. then urlencode(params) encodes all params again:
    https://github.com/supabase-community/gotrue-py/blob/3ec751bbc97f6917fd7c3aace24dfb67e23efbda/gotrue/_sync/gotrue_client.py#L832-L833

```python
query = 'redirect_to=http%253A%2F%2Flocalhost%253A8000%2Fuser%2F&provider=github'

return f"{self._url}/authorize?{query}"
return f"{self._url}/authorize?redirect_to=http%253A%2F%2Flocalhost%253A8000%2Fuser%2F&provider=github"
```

⚠ Note: I'm using the _sync client, but the same steps are in the _async.

@chermdev chermdev added the bug Something isn't working label Mar 7, 2023
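The encoding sequence reported above, reproduced with the standard library as an added example (not part of the original issue and not gotrue-py's code). `BASE_URL`, `ALLOWED_REDIRECTS` and all function names are hypothetical, and the exact-match allow-list is an assumed stand-in for the server-side redirect check:

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample values; BASE_URL and ALLOWED_REDIRECTS are hypothetical.
BASE_URL = "https://project.example/auth/v1"
ALLOWED_REDIRECTS = {"http://localhost:8000/user/"}


def build_double_encoded(provider, params):
    """Reported behaviour: quote() each value, then urlencode() the result."""
    params = {k: quote(v) for k, v in params.items()}
    params["provider"] = provider
    return f"{BASE_URL}/authorize?{urlencode(params)}"


def build_single_encoded(provider, params):
    """Encode exactly once: hand the raw values to urlencode()."""
    params = dict(params)
    params["provider"] = provider
    return f"{BASE_URL}/authorize?{urlencode(params)}"


def received_redirect(url):
    """What a server sees after decoding the query string once."""
    return parse_qs(urlsplit(url).query)["redirect_to"][0]


def is_allowed(url):
    """Exact-match allow-list check (assumed server-side comparison)."""
    return received_redirect(url) in ALLOWED_REDIRECTS


if __name__ == "__main__":
    raw = {"redirect_to": "http://localhost:8000/user/"}
    for build in (build_double_encoded, build_single_encoded):
        url = build("github", raw)
        print(build.__name__, received_redirect(url), is_allowed(url))
```

After one round of decoding, the double-encoded value still contains `%3A`, so it cannot equal any allow-list entry. Decoding a second time on the server to compensate would weaken the check, because the validated string and the string finally used could then differ.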
@J0
Contributor

J0 commented Mar 8, 2023

Thanks for the detailed report - feel free to file a PR, else will look at it when a slot frees up! Finishing up a tutorial on how to use OAuth with Django so hoping to fix that before the tutorial goes out yeah.

@lmoj lmoj mentioned this issue May 15, 2023
J0 added a commit that referenced this issue May 25, 2023
@silentworks
Contributor

I'm closing this issue since a PR was merged to address it a few months ago. Please comment if the issue still persists and I'll re-open it.
