New parameter in redirect uri breaks redirect uri

[StefanSzakacs21]

Describe the bug
Up until now we were getting the usual code, scope, state and session state redirect uri params. After an update on the server we started receiving the "iss" param too. This now breaks the redirect uri, it will append &iss without value to our redirectUri instead of processing it completely and removing it, just as with the other params mentioned above, and hence break the routing. Instead of localhost:4200/logging-in we get localhost:4200/logging-in&iss

To Reproduce
Steps to reproduce the behavior:

1. Have an extra param sent from the server

Expected behavior
Ignore the extra parameters

Desktop (please complete the following information):

• OS: macOS
• Angular 8.2
• angular-ouath2-oidc: 10.0.3

[jeroenheijmans]

Just a quick thought, I recall seeing #959, would you reckon that's the same type of issue?

[StefanSzakacs21]

Yes, it seems to be the same issue, similarly the parameter's key is taken out and appended to the redirectUri directly, without even a /?, directly with ./logging-in&parameter-name after the params are processed

[ajurge]

I also have the same issue with the iss and also client_id query parameters in the redirect response Location header from our oauth server. We are using code flow with PKCE. iss query parameter produces the following error:

 RouterErrorHandler: Error: Cannot match any routes. URL Segment: '&iss'

The URL looks something like this: http://www.app.com/context/&iss=https%3A%2F%2Foauth.server.com%3A443%2Fsecure%2Foauth2&client_id=CLIENT_ID

Since angular-oauth2-oidc only removes the code and state query parameters so I had to implement a workaround into our app and remove iss and client_id . Then everything works.

angular-oauth2-oidc: 10.0.3
angular 11.2.5

[manfredsteyer]

Can you please retry it with version 12 (lands later today) and reopen this issue if it is still in place. I have the impression, its gone now.

[ajurge]

It works now, thanks for fixing it.