Merge pull request livecode#7381 from bwmilby/bwm-22557-oauth2

livecodepanos · web-flow · commit 6ed3a90f6524 · 2020-06-26T08:21:41.000+03:00
[Bug 22557] OAuth2 - Prevent double URL encoding of authentication code
diff --git a/extensions/script-libraries/oauth2/notes/22557.md b/extensions/script-libraries/oauth2/notes/22557.md
@@ -0,0 +1 @@
+# [22557] Prevent double URL encoding of authentication code
diff --git a/extensions/script-libraries/oauth2/oauth2.livecodescript b/extensions/script-libraries/oauth2/oauth2.livecodescript
@@ -238,13 +238,14 @@ command OAuth2 pAuthURL, pTokenURL, pClientID, pClientSecret, pScopes, pPort, pP
    
    local tResult
    put the dialogData into tResult
+   -- all keys/values in tResult are already URL encoded
    
    if tResult["code"] is not empty then
       local tParams
       put "grant_type=authorization_code" into tParams
       put "&client_id=" & urlEncode(pClientID) after tParams
       put "&client_secret=" & urlEncode(pClientSecret) after tParams
-      put "&code=" & urlEncode(tResult["code"]) after tParams
+      put "&code=" & tResult["code"] after tParams
       put "&redirect_uri=" & urlEncode(kRedirectURL & ":" & pPort & "/") after tParams
       
       local tResponse

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+# [22557] Prevent double URL encoding of authentication code`