Note: This article has been archived. It relates to a historical event that has been resolved.
Archived Text
Summary
OIDC 'state' value returned to ADR by DH was URL encoded.
Details
When the OIDC flow returned to the ADR after a consent was authorised in the DH portal, the 'state' value was not the same as what was sent to the DH. It was a URL encoded version of what was sent.
The problem occurs because the value has already been URL encoded when it is sent, so when it arrives back at the ADR it has been URL encoded twice. E.g. the value 'x:y' is sent as 'x%3Ay' and is returned as 'x%253Ay'. This returned value does not match the original value, so the ADR validation flow fails.
The fix implemented by the DH was to remove URL encoding on the 'state' value.
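The round trip described above, reproduced as an added example (not code from the ADR or the DH). The endpoint URLs, the function names and the `pre_encode_state` switch are assumptions made for illustration; the state value 'x:y' is the one used in the article.

```python
import hmac
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample endpoints (assumptions, not taken from the article).
DH_AUTHORIZE = "https://dh.example/authorize"
ADR_CALLBACK = "https://adr.example/callback"


def adr_build_request(state: str) -> str:
    """ADR side: urlencode() percent-encodes the value once for transport."""
    return DH_AUTHORIZE + "?" + urlencode({"response_type": "code", "state": state})


def dh_redirect(request_url: str, pre_encode_state: bool) -> str:
    """DH side: read 'state' from the request and echo it on the redirect.

    pre_encode_state=True models the defect: the value is URL encoded by hand
    and then encoded again when the redirect query string is serialised.
    """
    state = parse_qs(urlsplit(request_url).query)["state"][0]  # decoded once
    if pre_encode_state:
        state = quote(state, safe="")  # 'x:y' -> 'x%3Ay' (the extra encoding)
    return ADR_CALLBACK + "?" + urlencode({"code": "constructed-code", "state": state})


def adr_validate(callback_url: str, sent_state: str) -> tuple:
    """ADR side: decode the callback once and compare with the value sent."""
    returned = parse_qs(urlsplit(callback_url).query)["state"][0]
    ok = hmac.compare_digest(returned.encode(), sent_state.encode())
    return returned, ok


def round_trip(state: str, pre_encode_state: bool) -> tuple:
    """Return (state on the wire in the callback, state after decoding, match)."""
    callback = dh_redirect(adr_build_request(state), pre_encode_state)
    wire = urlsplit(callback).query.split("state=")[1]
    returned, ok = adr_validate(callback, state)
    return wire, returned, ok


if __name__ == "__main__":
    for label, flag in (("double-encoding DH", True), ("fixed DH", False)):
        print(label, round_trip("x:y", flag))
```

A state value made only of characters that need no percent-encoding (for example the constructed value 'xy-123') survives the extra encoding unchanged, which is why adjusting the state values on the ADR side avoided the mismatch.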
Impact
ADR adjusted the state values so that URL encoding was not required.
Workaround
Unable to create an authorised consent.