From 8259ff02c56e06e0052e6ae8a91c59e011fb67ee Mon Sep 17 00:00:00 2001
From: Yasuhiro ABE <yasu-abe@u-aizu.ac.jp>
Date: Tue, 10 Sep 2024 16:32:07 +0900
Subject: [PATCH] Fixed the unescaped redirect_uri causes the mismatch with the
 requested one. (#2766)

Signed-off-by: Yasuhiro ABE <yasu-abe@u-aizu.ac.jp>
---
 server/oauth2.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/oauth2.go b/server/oauth2.go
index ec972bea..0fa7d4bc 100644
--- a/server/oauth2.go
+++ b/server/oauth2.go
@@ -457,7 +457,8 @@ func (s *Server) parseAuthorizationRequest(r *http.Request) (*storage.AuthReques
 		return nil, newDisplayedErr(http.StatusBadRequest, "Failed to parse request.")
 	}
 	q := r.Form
-	redirectURI, err := url.QueryUnescape(q.Get("redirect_uri"))
+	redirectURI := q.Get("redirect_uri")
+	_, err := url.QueryUnescape(redirectURI)
 	if err != nil {
 		return nil, newDisplayedErr(http.StatusBadRequest, "No redirect_uri provided.")
 	}