Double-encoded redirect uri on IOS

In my application, I use auth0-Cordova. It was working fine until 04 of December. From that time we can’t ‘sign in’ in the application on IOS because of the wrong URI.

So, I get 400 error

"date": "2017-12-05T15:58:02.787Z", "type": "f", "description": "The redirect_uri parameter is not valid: \"com.myDomain%3A%2F%2FmyDomain.eu.auth0.com%2Fcordova%2Fcom.myDomain%2Fcallback\" If url looks fine, check that you are not including non printable chars", "connection_id": "", "client_id": "myClientId", "ip": "userIp", "user_agent": "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)", "details": { "body": {}, "qs": { "client_id": "clientId", "scope": "openid%20profile%20offline_access", "state": "state", "code_challenge_method": "S256", "response_type": "code", "redirect_uri": "com.myDomain%3A%2F%2FmyDomain.eu.auth0.com%2Fcordova%2Fcom.myDomain%2Fcallback", "code_challenge": "codeChallenge", "auth0Client": "authClienId%3D" }, "error": { "message": "The redirect_uri parameter is not valid: \"com.myDomain%3A%2F%2FimyDomain.eu.auth0.com%2Fcordova%2Fcom.myDomain%2Fcallback\" If url looks fine, check that you are not including non printable chars", "oauthError": "invalid_request", "type": "request-error" } }, "log_id": "49570627966157796216778371576494069746271817758977032242" }

I found that URI is double-encoded by safari view controller. I mean that first encoding of URI happens in auth0-Cordova plugin and the second happens in safari-web view.

So, as you didn’t update auth0-cordova I suppose that this happens because of Auth0 API was changed. Could you approve my version?

For example:
Expected encoded string(That’s how it is on Android):

%3A%2F%2

On safari web view:

%253A%252F%252 (double-encoded)

P.S: Android still works fine.

I’m not aware of any changes on the server-side and like you mentioned what is technically wrong is the client-side doing double encoding. I also don’t believe in coincidences when it comes to software development and this PR that was recently merged in cordova-plugin-safariviewcontroller which is used by auth0-cordova seems to be the culprit as it’s about encoding URL’s and was also applied to the iOS platform so it’s consistent with what you observe.

According to the timeline that change is available in cordova-plugin-safariviewcontroller version 1.5.0 so if you have the opportunity to test with a previous version that would allow you to be absolute sure if this is cause. If it is I would recommend to raise an issue in that repository as that ultimately should be fixed there as at least it’s a breaking change that should not have been made in a minor version update.

@jmangelo Thank you! Like you wrote above the problem was in cordova-plugin-safariviewcontroller
. After we downgrade it to version 1.4.7 everything works fine.

@jmangelo Thank you! Like you wrote above the problem was in cordova-plugin-safariviewcontroller
. After we downgrade it to version 1.4.7 everything works fine.

Thanks. GREAT!!!

Thanks. GREAT!!!

This issue was resolved at: https://github.com/EddyVerbruggen/cordova-plugin-safariviewcontroller/pull/93

@kiosk.inner Are you going to report the bug to cordova-plugin-safariviewcontroller? I was going to but don’t want to double report it if you already plan to.

Ok, do it, please.