Error retrieving authorization code when using Pipe in state Parameter
It appears that the Box authorization endpoint (https://account.box.com/api/oauth2/authorize) does not like the pipe character being used within the state parameter weather url encoded or not.
The documentation here states the following regarding the "state" parameter : "An arbitrary string of your choosing" and makes no mention of reserved characters.
We are currently using | to store multiple parts in our state/anti forgery token and this is causing issues. Why are we against the pipe char? Box Error: invalid_client as shown with no error details.
You can quickly test this yourself using postman and adding a state parameter like (state=xyz|12345)
Please sign in to leave a comment.
Comments
0 comments