authorization_uri Supports Query Parameters

[jzheaux]

Fixes: gh-5760

[jzheaux]

@jgrandja note that while UriComponentsBuilder can encode query parameters on its own, it does not encode the redirect_uri in the same way as URLEncoder.encode.

For that reason, the code still manually encodes the query parameters. However, let me know if it's okay to change the existing way redirect_uri is encoded. Specifically : and / are not encoded by UriComponentsBuilder.

[rwinch]

@jzheaux Do we know why there is a difference? Is this something we should take up with Spring Framework team?

[jzheaux]

@rwinch It appears to be related to RFC 3986 (emphasis mine):

The characters slash ("/") and question mark ("?") may represent data
within the query component. Beware that some older, erroneous
implementations may not handle such data correctly when it is used as
the base URI for relative references (Section 5.1), apparently
because they fail to distinguish query data from path data when
looking for hierarchical separators. However, as query components
are often used to carry identifying information in the form of
"key=value" pairs and one frequently used value is a reference to
another URI, it is sometimes better for usability to avoid percent-
encoding those characters.

[jzheaux]

Given that UriComponentsBuilder likely has reasonable defaults and given this recommendation from the spec, I'd prefer to just rely on UriComponentsBuilder to do the encoding. Are there reasons the code needs to continue percent-encoding / and :?

[jzheaux]

@rwinch @jgrandja I've updated this to rely on UriComponentsBuilder for encoding as well.

[jgrandja]

@jzheaux This looks great. As an FYI, encode() defaults to StandardCharsets.UTF_8 so no need to be explicit with encode(StandardCharsets.UTF_8). I'm indifferent on whether you keep it as-is or change it to encode().

Can you please merge this?

[jzheaux]

@jgrandja yes, I considered that, but I prefer the explicit statement to use UTF-8, as you may have gathered.