This repository was archived by the owner on Jan 20, 2024. It is now read-only.
This repository was archived by the owner on Jan 20, 2024. It is now read-only.
[RFC] Client generates wrong authorization URL if base URL contains query parameters #144
Description
if my authorization URL is something like https://example.com/foo?bar=qux, the generated authorization URL is something like https://example.com/foo?bar=qux?client_id=.... But RFC 6749 requires the URL parameters to be kept:
The endpoint URI MAY include an "application/x-www-form-urlencoded"
formatted (per Appendix B) query component ([RFC3986] Section 3.4),
which MUST be retained when adding additional query parameters. The
endpoint URI MUST NOT include a fragment component.