urldecode the access_token in GetORODetails call
danielneu opened this issue · comments
Hi Shravan,
we just encountered a situation where the API told us, that the access_token is not a valid AddressConstenToken.
The cause was that we extracted the value with $_REQUEST['access_token'] and simply passed it on to the call.
The format was ATza%7d... instead of Atza|..., so the call failed. A urldecode solved the problem.
Could you please add a check, so that the value can be passed in and the SDK takes care about the rest?
Best wishes
Daniel
hi Daniel
the code in the lines below should have worked. i URL decode the access token and encode it again as that is the required manner in which the access token has to be sent. I will also double verify and check this by sending the accesstoken both ways (Atza% & Atza |)
// To make sure double encoding doesn't occur decode first and encode again.
$accessToken = urldecode($accessToken);
$url = $this->profileEndpoint . '/auth/o2/tokeninfo?access_token=' . urlEncode($accessToken);
Hi Shravan,
I was just thinking if we could do something like the following inside the SDK:
if(!strpos($access_token, "|"){
$access_token = urldecode($access_token);
}
...
Or something more elaborate, but I think the idea is clear.
Best wishes
Daniel