Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
3.1.6
-
None
-
Unknown
Description
In org.apache.cxf.rs.security.oauth2.services.AbstractImplicitGrantService the state parameter is not queryEncoded. Since it could contain spaces (as of RFC 6749 https://tools.ietf.org/html/rfc6749#page-72) it should be queryEncoded in method finalizeResponse.