author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-12-09 09:42:28 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-12-09 09:42:28 +0100 |
commit | b43a2503c27d51bdac0d7b75d73aca461075530f (patch) | |
tree | ce90ed9bdbb600876e10e2b1c4fd2f9fec8f4707 | |
parent | 50d22cf47baacb83879412a6046983366af669e3 (diff) | |
fix bug in OpenID protocol implementation that generates a wrong encoded error response
-rw-r--r-- | id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 118c53f6b..75ea41449 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -204,9 +204,11 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - if (MiscUtil.isNotEmpty(moaError)) - OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state); + if (MiscUtil.isNotEmpty(moaError)) + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, + URLEncoder.encode(errorUri + "#" + moaError, "UTF-8")); + response.setContentType("text/html"); response.setStatus(HttpServletResponse.SC_FOUND); @@ -220,7 +222,8 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { Map<String, Object> params = new HashMap<String, Object>(); params.put(OAuth20Constants.PARAM_ERROR, errorCode); params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); + params.put(OAuth20Constants.PARAM_ERROR_URI, + URLEncoder.encode(errorUri + "#" + moaError, "UTF-8")); // create response JsonObject jsonObject = new JsonObject(); |
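Review bot: In the first hunk only the `error_uri` value is passed through `URLEncoder.encode`, while `errorDescription` and the request-derived `state` are still handed to `OAuth20Util.addParameterToURL` unchanged on the neighbouring lines. The body of `addParameterToURL` is not visible here, so one of two things holds: if it does not encode its value, those two parameters can still corrupt the query string of the redirect URL or inject into it; if it does encode, the new call double-encodes `error_uri`. Encoding once inside `addParameterToURL` for every parameter would remove the inconsistency. The enclosing method starts and ends outside the hunk, so it is not visible whether the checked `UnsupportedEncodingException` from `URLEncoder.encode(String, String)` is declared or caught.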
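Review bot: In the second hunk `URLEncoder.encode` looks misplaced, because the `params` map appears to feed the JSON body built right below (`new JsonObject()`). The client would receive a form-encoded string such as `http%3A%2F%2F…%23…` instead of a usable URI, and escaping for JSON is the serializer's job. This `put` also lacks the `MiscUtil.isNotEmpty(moaError)` guard used in the first hunk, so a missing `moaError` produces an `error_uri` ending in `#` or `#null`. I would suggest `if (MiscUtil.isNotEmpty(moaError)) params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);`. The enclosing method continues outside the hunk.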