Redirect URL containing plus character

Dear community,

for a OAuth2 code flow we use a protocol containing a plus (+) character: web+application://callback

The character is correctly represented in the database. When /oauth2/auth is called, we get a redirect_uri not matching error. May it be due to a transformation of the plus in the URL to a space? Do you encounter the same error with a plus sign?


Hi there, please provide more information, such as the concrete error, the client config, the server, versions, and so on.

The error:

Client config:
client_id: application
client_secret: 12345678
redirect_uri: web+application://go
scope: openid
token endpoint auth method: client_secret_post

Hydra version: v1.7.4

@dominikglandorf then don’t :slight_smile: + is very special in URL encoding

@hackerman Go encodes plus char into %2B

Thanks for your reply. Unfortunately, we are not able to change the protocol of the client.

Yeah I don’t think URL schemes allow special characters like that in the scheme.

This RFC 3986 is about URIs: It says:

“Scheme names consist of a sequence of characters beginning with a
letter and followed by any combination of letters, digits, plus
(”+"), period ("."), or hyphen ("-")."

Mozilla says here that web+ is a valid prefix for custom schemes. Those protocol handlers are permitted by W3C in the HTML5 specification.

My bad then, could you open an issue in ORY Hydra or ORY Fosite containing a reproducible case? Then we can track and fix it :slight_smile:

Thank you. Here it is

1 Like

Thank you!