Back to sign in link in self-registration is not working properly in the my account shared to an organization #23288

Open
DonOmalVindula opened this issue Feb 27, 2025 · 1 comment
Labels
Team/B2B Type/Bug ui Issues reported in the user interface of the embedded portals (Ex: Myaccount, Console)

Comments

@DonOmalVindula
Contributor

Description

The Back to sign in link on the self-registration page is not working as expected in My Account in organizations, as the URL is not encoded properly. It will return a 400 error code.

Follow the steps to reproduce it.

Steps to Reproduce

  1. Log into the console as admin
  2. Share My account with all organizations
  3. Enable self-registration, including organizations etc., using the deployment.toml config
  4. Create a new organization
  5. Log out and go to the My Account of the created organization
  6. Click on Register and you'll be directed to the sign up page (step 3 is needed to make the Register link visible)
  7. Click on Sign in to go back to the login page; it will fail with error 400. The root cause is the unencoded URL: there is a JSON object (claims) in the URL
https://localhost:9443/o/e6a3a592-297c-44c4-8823-8841c47c858e/authenticationendpoint/login.do?claims={%22userinfo%22:{%22email%22:{%22essential%22:%20true},%22preferred_username%22:{%22essential%22:%20true},%22username%22:{%22essential%22:%20true},%22profile%22:{%22essential%22:%20true},%22roles%22:{%22essential%22:%20true}}}&client_id=ff89202f-43a2-4f03-ba6a-8a15de0c24ae&commonAuthCallerPath=/o/e6a3a592-297c-44c4-8823-8841c47c858e/oauth2/authorize&forceAuth=false&nonce=d12d6a9a-6182-476f-80f3-96ae1879ad38&passiveAuth=false&redirect_uri=https://localhost:9443/commonauth&response_type=code&scope=openid%20email%20profile%20phone%20address%20app_roles&state=fa1b5ddf-31cb-4583-a711-b6c4d7f207fe,OIDC&sessionDataKey=dd204b49-b3e1-43c7-ba07-c6ac225be742&relyingParty=ff89202f-43a2-4f03-ba6a-8a15de0c24ae&type=oidc&sp=My%20Account&spId=dc96a8cd-aca3-49fc-9a33-4bcc98db4453&isSaaSApp=false&authenticators=BasicAuthenticator:LOCAL

Version

IS 7.1.0

Environment Details (with versions)

No response

@robsoncombr

robsoncombr commented Feb 27, 2025

Thank you for opening it @DonOmalVindula

For the record, if someone reaches this: I worked around it by creating an interceptor/middleware in a Cloudflare Worker. Until it is fixed, the Worker will rewrite the URL by encoding it. Find the code below if anyone is interested.

```javascript
export default {
  async fetch(request) {
    const url = new URL(request.url);

    // Check if the request matches the specific path
    if (url.pathname.startsWith('/o/') && url.pathname.includes('/authenticationendpoint/login.do')) {
      // Encode the 'claims' query parameter.
      // searchParams.get() returns the decoded value and searchParams.set()
      // percent-encodes it when the URL is serialized, so the value is passed
      // as-is; wrapping it in encodeURIComponent() would encode it twice.
      if (url.searchParams.has('claims')) {
        const claims = url.searchParams.get('claims');
        url.searchParams.set('claims', claims);
      }

      // Encode other query parameters as needed
      // For example, encoding 'redirect_uri'
      if (url.searchParams.has('redirect_uri')) {
        const redirectUri = url.searchParams.get('redirect_uri');
        url.searchParams.set('redirect_uri', redirectUri);
      }

      // Update the hostname to point to the origin server
      url.hostname = 'example.com';
    }

    // Forward the modified request to the origin
    return fetch(url.toString(), request);
  }
};
```

@AnuradhaSK AnuradhaSK added ui Issues reported in the user interface of the embedded portals (Ex: Myaccount, Console) Team/B2B labels Feb 27, 2025
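
The report attributes the 400 to the unencoded `claims` JSON in the login URL. The following is an added example, not code from the issue or from the project: it re-serializes the query so every value is percent-encoded exactly once, and shows that wrapping a value in `encodeURIComponent()` before `URLSearchParams.set()` encodes it twice. The helper names and the shortened `SAMPLE` URL are constructed for illustration.

```javascript
// Added example: helper names and SAMPLE are constructed for illustration.
// Characters RFC 3986 does not allow unescaped in a query string. The WHATWG
// URL parser leaves several of them (such as { and }) as they are.
const RAW_UNSAFE = /[{}|\\^\[\]`"<> ]/;

// True when the query part of urlString still contains such a character.
function hasRawUnsafeQuery(urlString) {
  const q = urlString.indexOf('?');
  return q !== -1 && RAW_UNSAFE.test(urlString.slice(q + 1));
}

// Re-serialize every query parameter exactly once. Iterating searchParams
// yields decoded values; URLSearchParams.toString() encodes them again.
function encodeLoginUrl(urlString) {
  const url = new URL(urlString);
  url.search = new URLSearchParams([...url.searchParams]).toString();
  return url.toString();
}

// Pitfall: set() already encodes, so encodeURIComponent() encodes twice.
function doubleEncode(urlString, name) {
  const url = new URL(urlString);
  url.searchParams.set(name, encodeURIComponent(url.searchParams.get(name)));
  return url.toString();
}

// Constructed, shortened URL in the shape of the one in the report.
const SAMPLE = 'https://localhost:9443/o/org-id/authenticationendpoint/login.do' +
  '?claims={%22userinfo%22:{%22email%22:{%22essential%22:%20true}}}' +
  '&client_id=abc&scope=openid%20email';

const original = new URL(SAMPLE).searchParams.get('claims');
const fixed = encodeLoginUrl(SAMPLE);
const twice = doubleEncode(SAMPLE, 'claims');

// Raw braces are present before the rewrite and gone after it.
console.log(hasRawUnsafeQuery(SAMPLE), hasRawUnsafeQuery(fixed));
// Encoded once: the receiver decodes back to the original JSON.
console.log(new URL(fixed).searchParams.get('claims') === original);
// Encoded twice: the receiver decodes to a still-encoded string.
console.log(new URL(twice).searchParams.get('claims'));
```

The double-encoded URL also contains no raw braces, so it passes the character check even though the decoded `claims` value is no longer JSON.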