connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #426 - HTTPRequest send method error response does not use UTF-8 character decoding — Bitbucket

Issue #426 resolved

Andreas Blakli created an issue 2023-06-19

The method HTTPResponse send() in src/main/java/com/nimbusds/oauth2/sdk/http/HTTPRequest.java does not explicitly decode the error responses with UTF-8 which causes issues if the error response contains characters like ‘ÆØÅ’ and the locale in the environment where the JVM runs is not UTF-8.

How to replicate:

JVM with ANSI_X3.4-1968 as locale. (Can be forced through VM options i.e. ‘-Dfile.encoding=ANSI_X3.4-1968’)
Get error response which contains the character ‘Ø'

Expected output: ��

Solution:

Add StandardCharsets.UTF_8 to InputStreamReader() on line 1038 in src/main/java/com/nimbusds/oauth2/sdk/http/HTTPRequest.java (https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/f65504ca4d8b52c42031350dac8ba916f5f4806b/src/main/java/com/nimbusds/oauth2/sdk/http/HTTPRequest.java#lines-1038)

‌

Comments (1)

Yavor Vasilev

changed status to resolved

Fixed here: 01b908da

Released:

version 10.9.2 (2023-06-21)
    * HTTPResponse.send must read error responses from InputStreamReader using
      UTF-8 character encoding (iss #426).

Thanks for the report and solution!

2023-06-21T17:33:03+00:00

Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: resolved

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!