Why bind a max255 limit to state & force validation of code_challenge_method #3260

@Luminet2023

Describe the bug
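When making an OAuth2/OIDC authorization request, the GrantService endpoint returns a parameter validation failure. Specifically, the state field exceeds the length limit, and the code_challenge_method field does not match the preset S256 constraint.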

To Reproduce
http://localhost/session/authorize?client_id=c2929a-929a-4d3b-929a-bdcfb266c7e9&redirect_uri=https://oauth.localhost.cn/callback&scope=openid%20profile%20email&response_type=code&state=P2NsaWVudF9pZD05NTA1Yjc3N2ZmNmY2NDdmODIxMyZjb2RlX2NoYWxsZW5nZT1SUGhOb0pqdGpOc015N3h5MmVrVjdTbHFLTVNabTE2bVlUTElsX29tVGhjJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBMzAwMCUyRmF1dGglMkZjYWxsYmFjayZyZXNwb25zZV90eXBlPWNvZGUmc2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwmc3RhdGU9SnBkdUVNQ0wyOWJ3VklOWnNEOUdleHBKTVZvdHh2R1omYXBwbGljYXRpb249THVtaW5ldC1BdXRoJnByb3ZpZGVyPWx1bWluZXRfcGFuJm1ldGhvZD1zaWdudXA=
POST /api/v4/session/oauth/consent
{"client_id":"c2929a-929a-4d3b-929a-bdcfb266c7e9","response_type":"code","redirect_uri":"https://oauth.localhost.cn/callback","state":"P2NsaWVudF9pZD05NTA1Yjc3N2ZmNmY2NDdmODIxMyZjb2RlX2NoYWxsZW5nZT1SUGhOb0pqdGpOc015N3h5MmVrVjdTbHFLTVNabTE2bVlUTElsX29tVGhjJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBMzAwMCUyRmF1dGglMkZjYWxsYmFjayZyZXNwb25zZV90eXBlPWNvZGUmc2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwmc3RhdGU9SnBkdUVNQ0wyOWJ3VklOWnNEOUdleHBKTVZvdHh2R1omYXBwbGljYXRpb249THVtaW5ldC1BdXRoJnByb3ZpZGVyPWx1bWluZXRfcGFuJm1ldGhvZD1zaWdudXA=","scope":"openid profile email"}
In Debug mode it returns:
{
"code": 40001,
"msg": "State too long",
"error": "Key: 'GrantService.State' Error:Field validation for 'State' failed on the 'max' tag\nKey: 'GrantService.CodeChallengeMethod' Error:Field validation for 'CodeChallengeMethod' failed on the 'eq' tag"
}
Expected behavior
The size of state should not be limited & why is the code_challenge_method parameter mandatory?
Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: macOS 14
  • Browser: Chrome
  • Version: pro 4.12.4 #fa35b18

Additional context
Add any other context about the problem here.
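
An added Go example, not code from the issue or from the project: one way a client can stay inside the two constraints named in the error above, by sending a short random state that keys server-side context and by using the RFC 7636 S256 challenge. `StateStore`, `PKCEChallenge` and `CheckGrant` are hypothetical names, and the 255 limit and the `S256` value are assumptions taken from the issue title and description, not from the project's source.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// StateStore (hypothetical) keeps bulky client context server-side; not goroutine-safe.
type StateStore map[string]string

// Put saves ctx and returns a 43-character opaque state (32 random bytes, base64url).
func (s StateStore) Put(ctx string) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	s[state] = ctx
	return state
}

// Take returns the context once and deletes it, so a replayed state is rejected.
func (s StateStore) Take(state string) (string, bool) {
	ctx, ok := s[state]
	delete(s, state)
	return ctx, ok
}

// PKCEChallenge computes the RFC 7636 S256 challenge: BASE64URL(SHA256(verifier)), unpadded.
func PKCEChallenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckGrant mirrors the two reported constraints (assumed values: 255 bytes, "S256").
func CheckGrant(state, method string) error {
	if len(state) > 255 {
		return errors.New("State too long")
	}
	if method != "S256" {
		return errors.New("code_challenge_method must be S256")
	}
	return nil
}

func main() { fmt.Println(CheckGrant(StateStore{}.Put("constructed: long client context"), "S256")) }
```

On the callback, the client looks up the returned state with `Take` and treats a missing entry as a failed CSRF check.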

Labels: backlog, bug