
Fix invalid characters in 'error_description' #728

Merged
lepture merged 2 commits into authlib:main from azmeuk:720-error-description on Apr 2, 2025

@azmeuk azmeuk commented Mar 30, 2025

RFC7649 §4.1.2.1 indicates that error_description has a restricted set of allowed characters, excluding the double-quote symbol ".
This PR replaces double quote usage in error descriptions with simple quotes, and adds a check for forbidden characters when emitting an OAuth2Error.
Fixes #720

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Other, please describe:

Does this PR introduce a breaking change? (check one)

  • Yes

  • No

  • You consent that the copyright of your pull request source code belongs to Authlib's author.

@azmeuk azmeuk added bug role:authorization_server Concerns a server implementation labels Mar 30, 2025
@lepture lepture merged commit c1f237d into authlib:main Apr 2, 2025
7 checks passed
@azmeuk azmeuk deleted the 720-error-description branch April 7, 2025 15:06
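
An added example, not code from this PR or from Authlib: a minimal emit-time check of the kind the description mentions, using the character set that §4.1.2.1 of the OAuth 2.0 specification (RFC 6749) allows for `error_description`, `%x20-21 / %x23-5B / %x5D-7E`. The function names and the sample messages are hypothetical and constructed for illustration.

```python
def _allowed(ch):
    """True if ch is in %x20-21 / %x23-5B / %x5D-7E.

    That is printable ASCII without the double quote (0x22) and the
    backslash (0x5C).
    """
    code = ord(ch)
    return 0x20 <= code <= 0x7E and code not in (0x22, 0x5C)


def invalid_chars(description):
    """Return (index, char) for every character outside the allowed set."""
    return [(i, ch) for i, ch in enumerate(description) if not _allowed(ch)]


def check_error_description(description):
    """Raise ValueError instead of emitting a non-compliant description."""
    bad = invalid_chars(description)
    if bad:
        listed = ", ".join(f"U+{ord(ch):04X} at index {i}" for i, ch in bad)
        raise ValueError(f"forbidden characters in error_description: {listed}")
    return description


def to_compliant(description):
    """Best-effort rewrite for messages that embed untrusted input.

    Double quotes become single quotes (the substitution the PR makes in
    its own messages); any other forbidden character becomes '?'.
    """
    out = []
    for ch in description:
        if _allowed(ch):
            out.append(ch)
        else:
            out.append("'" if ch == '"' else "?")
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample messages, not taken from Authlib.
    for msg in ('Missing "client_id" parameter', "Bad scope\r\nX: y", "ok"):
        print(repr(msg), invalid_chars(msg), repr(to_compliant(msg)))
```
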

Development

Successfully merging this pull request may close these issues.

error_description should not include invalid characters for oidc certification