Bug ID 659460: URL encoded Authorization code does not work with APM OAuth client

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Apr 19, 2017
Severity: 3-Major


When the Authorization Server (AS) generates an authorization code which includes URL special character, in order to pass this code safely, AS encodes it with URL encoding. APM does not properly process this, and when OAuth client used it for retrieving an access token for a given code, OAuth client unnecessarily re-encode it, which causes the AS to reject the token request.


OAuth client fails to retrieve the token with the provided code.


AS generates an OAuth Authorization code contains URL encoded characters.


Use the iRule to either decode the authorization code when APM receives it, or when APM sends it out.

Fix Information

URL encoded authorization code now works with APM OAuth client.

Behavior Change