Problem statement
When setting custom error pages , the redirect is performed. Auth0 appends parameters to the URL as a query string. There seems to be a bug within Auth0 when generating the lang parameter.
For example, in testing with an invalid client ID, the parameters sent back to the error handler page are as follows:
&lang=en-GB%2Cen%3Bq%3D0.9%2Cfr%3Bq%3D0.8&error_description=Unknown%20client%3A%20WrongClientID&tracking=ATrackingID
When the lang value from Unicode (“en-GB%2Cen%3Bq%3D0.9%2Cfr%3Bq%3D0.8”) is converted to text, it shows a value equal to “en-GB,en;q=0.9,fr;q=0.8”.
It is unclear why ‘q=0.9,fr;q=0.8’ is added to these parameters.
Solution
The “lang” custom variable is populated from the Accept-Language header; its’ raw value may include the q-factor weighting (e.g., en-US;q=0.5). This value is placed in order of preference expressed using a relative quality value called “weight”.