From cd05b2e50084caaf716e382173a17ff0a9f374af Mon Sep 17 00:00:00 2001
From: JohannesDoberer
Date: Mon, 30 Mar 2020 14:43:22 +0200
Subject: [PATCH] encode uri
---
 plugins/auth/public/auth-oauth2/callback.html | 2 +-
 plugins/auth/src/auth-oauth2/index.js | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/plugins/auth/public/auth-oauth2/callback.html b/plugins/auth/public/auth-oauth2/callback.html
index a94c8bfeda..19aabf0874 100644
--- a/plugins/auth/public/auth-oauth2/callback.html
+++ b/plugins/auth/public/auth-oauth2/callback.html
@@ -87,7 +87,7 @@
 var decodedState = atob(
 decodeURIComponent(hashParams['state'])
 ).split('_luigiNonce=');
- var appState = decodedState[0] || '';
+ var appState = decodeURI(decodedState[0]) || '';
 var nonce = decodedState[1];
 if (nonce !== sessionStorage.getItem('luigi.nonceValue')) {
diff --git a/plugins/auth/src/auth-oauth2/index.js b/plugins/auth/src/auth-oauth2/index.js
index 7c840044b7..513e3a7063 100644
--- a/plugins/auth/src/auth-oauth2/index.js
+++ b/plugins/auth/src/auth-oauth2/index.js
@@ -75,11 +75,9 @@ export default class oAuth2ImplicitGrant {
 settings.oAuthData.redirect_uri = `${Helpers.prependOrigin(
 settings.oAuthData.redirect_uri
 )}?storageType=${Luigi.auth().store.getStorageType()}`;
- const nonceSegment = '_luigiNonce=' + generatedNonce;
- const encodedNonceUrl = encodeURIComponent(
- window.location.href + nonceSegment
+ settings.oAuthData.state = btoa(
+ encodeURI(window.location.href) + '_luigiNonce=' + generatedNonce
 );
- settings.oAuthData.state = btoa(decodeURIComponent(encodedNonceUrl));
 for (const name in settings.oAuthData) {
 const node = createInputElement(name, settings.oAuthData[name]);
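Review bot: `decodeURI(decodedState[0])` in callback.html runs on a value taken from the URL fragment before the `luigi.nonceValue` comparison just below it, and `decodeURI` throws a URIError on a malformed percent sequence. A garbled or tampered `state` can therefore abort the script at this line instead of reaching the nonce-mismatch branch. Consider decoding only after the nonce has matched, and guarding it, e.g. `try { appState = decodeURI(decodedState[0]); } catch (e) { appState = ''; }`. How `appState` is used afterwards lies outside this hunk; if it becomes a navigation target, it is worth confirming that the decoded value is checked to be same-origin.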
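Review bot: The `'_luigiNonce='` separator in the new `btoa(...)` argument in index.js is not kept unique by `encodeURI`, which leaves `_` and `=` unescaped. An `href` that already contains that literal makes the callback's `split('_luigiNonce=')` yield more than two parts, so `decodedState[1]` is no longer the nonce and the login fails for that URL. Using `encodeURIComponent(window.location.href)` here, paired with `decodeURIComponent` on the callback side, would escape `=` and keep the separator unambiguous. A short comment would also help, e.g. `// encode first: presumably keeps the string ASCII so btoa() does not throw on non-ASCII URLs`. The enclosing method starts and ends outside the hunk.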