issues-reply at bitbucket.org
Tue Dec 15 12:54:32 UTC 2020
In #917 a correction was applied, that the session state must not contain spaces in order to be able to perform a correct split of the event data.
Example event data string that would break the suggested implementation \(client\_id is “my client”\):
my client 789080e03c593a07419ad4c08bebd8e3e28909e173191b018ec24271b87cdc6c.ruyies1xuF
This would result in client\_id=”my” and session\_state=”client”.
### Suggested fix:
Current version \(30\):
var client_id = e.data.split(' ');
var session_state = e.data.split(' ');
var client_id = e.data.substr(0, e.data.lastIndexOf(' '));
var session_state = e.data.substr(e.data.lastIndexOf(' ') + 1);
More information about the Openid-specs-ab