Describe the Bug
I've just set up hister and it requires you to set your OIDC redirect uri to: https://hister.domain.com/api/oauth/callback?provider=oidc (see https://hister.org/docs/configuration under "How It Works" or https://github.com/asciimoo/hister/blob/master/config/config.go#L638).
If I set my redirect URI to this, go to hister, log in, enter my tinyauth credentials, the redirected URL has an issue, because it looks like this: /api/oauth/callback?provider=oidc?code=...
It seems that tinyauth just concatenates ?code=...&state=... but it should be &code=...&state=... since there's already the provider param. Given that it's also mandatory for github and google (see docs), I assume it's valid to do that in the OAuth workflow and the issue is on tinyauth's side.
How to Reproduce
- Set up hister with oauth
- Visit hister, log in
- Hister shows an error and doesn't complete the login (if you manually adjust the ? to a & in the URL, it works)
Expected Behavior
URL params check if other params are already present and adapt appropriately
Additional Context
No response
Logs
No response
Operating System
Linux
Browser
Chrome/Firefox
Tinyauth Version
v5.0.7
Docker Version (if applicable)
29.4.0
Human Written Confirmation
Describe the Bug
I've just set up hister and it requires you to set your OIDC redirect uri to: https://hister.domain.com/api/oauth/callback?provider=oidc (see https://hister.org/docs/configuration under "How It Works" or https://github.com/asciimoo/hister/blob/master/config/config.go#L638).
If I set my redirect URI to this, go to hister, log in, enter my tinyauth credentials, the redirected URL has an issue, because it looks like this:
/api/oauth/callback?provider=oidc?code=...It seems that tinyauth just concatenates
?code=...&state=...but it should be&code=...&state=...since there's already theproviderparam. Given that it's also mandatory for github and google (see docs), I assume it's valid to do that in the OAuth workflow and the issue is on tinyauth's side.How to Reproduce
Expected Behavior
URL params check if other params are already present and adapt appropriately
Additional Context
No response
Logs
No response
Operating System
Linux
Browser
Chrome/Firefox
Tinyauth Version
v5.0.7
Docker Version (if applicable)
29.4.0
Human Written Confirmation