hydra: Hydra connect fails when the client secret contains "%"

Given a client with a secret of secr%et

Using hydra connect fails because this line tries to unescape the secret but it contains an invalid escape sequence.

It looks like this is handled in the express consent app by escaping the id and secret but this isn’t done with hydra connect

About this issue

Original URL
State: closed
Created 7 years ago
Comments: 18 (11 by maintainers)

Commits related to this issue

vendor: update to jwk-go 0.3 and replace glide with dep Closes #631 — committed to ory/hydra by deleted user 7 years ago
vendor: update to jwk-go 0.3 and replace glide with dep Closes #631 — committed to ory/hydra by deleted user 7 years ago

Most upvoted comments

Ah yes, this should have been fixed with https://github.com/golang/oauth2/commit/13449ad91cb26cb47661c1b080790392170385fd and is probably not included here because the lock file is outdates. I’m currently working on a PR that will also replace glide with dep and I’ll make sure to include this change as well.

Thank you for the report!

+1

aeneasr on Oct 25, 2017

Read more comments on GitHub

← hydra: Go SDK is not "go get"-able

hydra: Janitor does not report connection errors and ignores logging level →