Skip to content

[BUG] Existing URL param in redirect uri causes issues #995

Description

@zawnk

Describe the Bug

I've just set up hister and it requires you to set your OIDC redirect uri to: https://hister.domain.com/api/oauth/callback?provider=oidc (see https://hister.org/docs/configuration under "How It Works" or https://github.com/asciimoo/hister/blob/master/config/config.go#L638).

If I set my redirect URI to this, go to hister, log in, enter my tinyauth credentials, the redirected URL has an issue, because it looks like this: /api/oauth/callback?provider=oidc?code=...
It seems that tinyauth just concatenates ?code=...&state=... but it should be &code=...&state=... since there's already the provider param. Given that it's also mandatory for github and google (see docs), I assume it's valid to do that in the OAuth workflow and the issue is on tinyauth's side.

How to Reproduce

  1. Set up hister with oauth
  2. Visit hister, log in
  3. Hister shows an error and doesn't complete the login (if you manually adjust the ? to a & in the URL, it works)

Expected Behavior

URL params check if other params are already present and adapt appropriately

Additional Context

No response

Logs

No response

Operating System

Linux

Browser

Chrome/Firefox

Tinyauth Version

v5.0.7

Docker Version (if applicable)

29.4.0

Human Written Confirmation

  • I confirm this issue was written by me and not generated by an LLM or AI assistant.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions