Bug de Redirecionamento do OAuth

Hello. We use Discourse for our forum at Exercism. Thank you for your work on it.

Part of our flow is that GitHub issues get automatically closed with a request to create a forum post instead, with the body of the forum post as part of the URL. This has worked great up to one post today.

If you visit this GitHub issue and click the “this link” link, you’ll see an oauth loop that ends in “Oops. The software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience”.

If you are already logged into the forum it works and (at least it does for me, I’ve had some mixed reports from our maintainers).

I suspect there is some encoding issue that is occuring on the oauth setup or redirect-path.

In case this isn’t clear, I recorded a 15s Loom to demonstrate: Latest topics - Exercism - 4 September 2025 | Loom

Hey @iHiD thanks for the report and repro - it does look like it’s an encoding error with the way it’s linking to the forum:

I suspect you’re missing a URL encode on the issue body.

The link provided is:

https://forum.exercism.org/new-topic?title=Group%20all%20GitHub%20Actions%20updates%20into%20a%20single%20larger%20pull%20request&body=https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups--%0D%0A%0D%0AReduces%20the%20number%20of%20pull%20requests%20to%20review%20and%20voids%20blockages%20like:%0D%0A*%20#23%20vs.%0D%0A*%20#27%20vs.%0D%0A*%20#28%20by%20putting%20them%20all%20in%20a%20single%20pull%20request&category=free-pascal

The body includes text that should be URL encoded such as slashes, and pound symbols.

While it does work directly, because browsers are smart and handle things like this, our redirection logic sets a destination URL via given parameters, and targets whatever parameters were originally given - without proper encoding, I suspect this is what’s breaking that particular redirect.

Using a URL link with the body encoded, I do not get this issues. The properly encoded link looks like this:

https://forum.exercism.org/new-topic?title=test&body=https%3A%2F%2Fdocs.github.com%2Fen%2Fcode-security%2Fdependabot%2Fworking-with-dependabot%2Fdependabot-options-reference%23groups--%250D%250A%250D%250AReduces%2520the%2520number%2520of%2520pull%2520requests%2520to%2520review%2520and%2520voids%2520blockages%2520like%3A%250D%250A*%2520%2323%2520vs.%250D%250A*%2520%2327%2520vs.%250D%250A*%2520%2328%2520by%2520putting%2520them%2520all%2520in%2520a%2520single%2520pull%2520request%26category%3Dfree-pascal&category=free-pascal

Thanks for the prompt response, and the confirmation!

I’ll ask if someone in our community to fix it then. You can safely consider this closed!