OpenIDC/mod_auth_openidc

Claim header values are encoded in UTF-8 character set as opposed to ISO-8859-1 character set

nvchaudhari1991 opened this issue · 1 comments

We are using the claim headers injected by the mod_auth_openidc plugin for authenticated requests in our service, which is deployed on Apache Tomcat.

What we noticed is that the mod_auth_openidc plugin is encoding the value in the UTF-8 character set as opposed to the ISO-8859-1 character set, which is causing the problem.

As per the RFC standard, by default, message header field parameters in Hypertext Transfer Protocol (HTTP) messages cannot carry characters outside the ISO-8859-1 character set (reference: https://www.rfc-editor.org/rfc/rfc5987).

Apache Tomcat properly decodes the values in the ISO-8859-1 character set as per the specification, but since it receives the claim headers from the mod_auth_openidc plugin in the UTF-8 character set, the wrong value is being interpreted by the application.

For example, say we have a user with the first name GÜnther in the IDP; then mod_auth_openidc sends the header OIDC_FIRSTNAME with the value G\xc3\x9cnther (encoded in the UTF-8 character set) to the application, which decodes it to GÃ�nther using the ISO-8859-1 character set, causing the mentioned issue.

Thus, we think that the encoding for header values needs to be changed to the ISO-8859-1 character set in mod_auth_openidc; however, if you are reluctant to change the implementation, it would be great if you could give us the option to choose the encoding we want to use and keep UTF-8 encoding as the default behavior.
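An added example, not code from the issue or from mod_auth_openidc, that reproduces the mismatch described above in Python: the UTF-8 bytes the module puts in the header, the string Tomcat produces when it decodes them as ISO-8859-1, a transcoding step an application can apply to get the original value back, and a check showing which claim values an ISO-8859-1 header encoding could not carry at all. All function names are hypothetical.

```python
# Constructed example: UTF-8 claim header bytes decoded as ISO-8859-1 by the
# container, and how the application side can undo that. Not project code.

FIRSTNAME = "GÜnther"  # value of the first-name claim at the IdP (constructed)


def header_bytes_from_module(value: str) -> bytes:
    """Bytes that end up on the wire for a claim header when the module
    encodes the claim in UTF-8 (the behaviour the issue reports)."""
    return value.encode("utf-8")


def as_seen_by_tomcat(raw: bytes) -> str:
    """A container that follows the ISO-8859-1 rule maps each header byte to
    one character, so multi-byte UTF-8 sequences turn into mojibake."""
    return raw.decode("iso-8859-1")


def recover_utf8_header(value: str) -> str:
    """Application-side workaround: map each character back to its original
    byte and decode the result as UTF-8. If the bytes are not valid UTF-8 the
    header really was ISO-8859-1 and is returned unchanged. Caveat: a genuine
    Latin-1 string whose bytes happen to form valid UTF-8 is still re-decoded,
    so this is a heuristic, not a proof of the original encoding."""
    try:
        return value.encode("iso-8859-1").decode("utf-8")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return value


def latin1_lossy(value: str) -> bool:
    """True if encoding this claim value as ISO-8859-1 (the change the issue
    asks for) would drop characters: anything outside U+0000..U+00FF."""
    try:
        value.encode("iso-8859-1")
    except UnicodeEncodeError:
        return True
    return False


if __name__ == "__main__":
    raw = header_bytes_from_module(FIRSTNAME)
    mangled = as_seen_by_tomcat(raw)
    print(raw)                            # b'G\xc3\x9cnther'
    print(repr(mangled))                  # 'GÃ\x9cnther'
    print(recover_utf8_header(mangled))   # GÜnther
    print(latin1_lossy("GÜnther"))        # False: fits in ISO-8859-1
    print(latin1_lossy("Łukasz"))         # True: would be lost in ISO-8859-1
```

The last check is the trade-off behind the request for a configurable encoding: switching the header encoding to ISO-8859-1 fixes names like GÜnther but cannot represent claims containing characters beyond Latin-1.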