Community
Select to view content in your preferred language

ArcGIS Enterprise 11.1 OAuth regression ?!

3700
10
Jump to solution
05-02-2023 07:49 AM
NicolasGIS
by
Frequent Contributor
‎05-02-2023 07:49 AM

Hello,

Since we upgraded our ArcGIS Enterprise from 11.0 to 11.1, applications using OAuth can no longer authenticate.

Indeed, response redirection (https://myapp.company.com?code=foo&state={bar}) is rejected by our webserver with the following error:

HTTP 400: Invalid character found in the request target: The valid characters are defined in RFC 7230 and RFC 3986.

Description: The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Reports are coming mainly from users using Apache Tomcat web server and NGINX.

Seems like curly braces are no longer encoded ?! 

Thanks,

Nicolas

10 Replies
Bobba
by
New Contributor
‎01-19-2024 06:30 PM

@JTessier, Unfortunately, I haven't found a complete solution, but I've managed to mitigate the issue by provisioning the application on a different subdomain. It's not ideal, but it's a temporary workaround for now.