OpenID Connect Federation 1.0: fetchEntityStatement query param issue

Let’s say there’s an entity in the federation who exposes a fetch endpoint which includes a query parameter, for example
fetch endpoint = https://fake.entity.com/federation_fetch_endpoint?param1=value1

If we call DefaultEntityStatementRetriever.fetchEntityStatement with above fetch endpoint, sub = https://subject.com and iss = https://fake.entity.com ,
the class makes a call to
https://fake.entity.com/federation_fetch_endpoint?param1=value1?sub=https%3A%2F%2Fsubject.com&iss=https%3A%2F%2Ffake.entity.com
(there is “?” instead of an “&” after “value1”, which obviously results in an error)

‌

the piece of code in DefaultEntityStatementRetriever that makes this concatenation is below:

    private void record(final HTTPRequest httpRequest) {

        URI uri = null;
        if (httpRequest.getQuery() == null) {
            uri = httpRequest.getURI();
        } else {
            try {
                uri = new URI(httpRequest.getURL() + "?" + httpRequest.getQuery());
            } catch (URISyntaxException e) {
                // ignore
            }
        }

        recordedRequests.add(uri);
    }

‌

Comments (3)