Why do we escape "+" characters in the authorization token? #11

Open
dsboulder opened this issue Jun 15, 2015 · 3 comments

@dsboulder

My company uses vCD server 5.5.3 (with non-LDAP local auth) and we're attempting to use this library against it. The server sometimes returns base64-encoded tokens with "+" characters in them, and the library URI-encodes them to %2B. But the vCD server rejects those tokens as invalid. If I remove the gsub call, the Ruby gem works perfectly. I was wondering how this works with vCloudAir, and I discovered those tokens are pure hex and never contain a "+". Can someone safely remove the .gsub() call in connection.rb so that this library works with vCD 5.5.3 as configured by us?

Here's the code snippet that's questionable (line 40):

        unless @cookies["vcloud-token"].gsub!("+", "%2B").nil?

@dsboulder
Author

@louis-lam represents our IT department. We tried going directly to the vCD server (bypassing the LB) and got the same issue with tokens containing a "+" in them.
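
An added example, not part of the thread and not the SDK's own code: it replays the `gsub!("+", "%2B")` rewrite quoted above on a constructed base64 token and a constructed hex token, then checks each result against two hypothetical receivers. The tokens, the helper names and both receiver models are assumptions; the thread does not say how vCD validates the token.

```ruby
require "uri"

# Constructed sample tokens, not real session values.
# The bytes FB EF BE encode to "++++" in standard base64.
BASE64_TOKEN = ["\xFB\xEF\xBE session".b].pack("m0") # "++++IHNlc3Npb24="
HEX_TOKEN    = "3f9a0c1d5e7b4a2288c6d0e1f2a3b4c5"

# The rewrite quoted in the issue. String#gsub! edits in place and returns
# nil when nothing matched, so a token without "+" passes through untouched.
def sdk_escape(token)
  copy = token.dup
  changed = !copy.gsub!("+", "%2B").nil?
  [copy, changed]
end

# Hypothetical receiver A: compares the presented token byte for byte
# with the token it issued (no decoding step).
def strict_receiver_accepts?(issued, presented)
  issued == presented
end

# Hypothetical receiver B: form-decodes the value before comparing,
# which turns "%2B" into "+" and a raw "+" into a space.
def decoding_receiver_accepts?(issued, presented)
  issued == URI.decode_www_form_component(presented)
end

# Run one issued token through the rewrite and both receiver models.
def evaluate(issued)
  sent, changed = sdk_escape(issued)
  {
    rewritten: changed,
    sent: sent,
    strict_ok: strict_receiver_accepts?(issued, sent),
    decoding_ok_escaped: decoding_receiver_accepts?(issued, sent),
    decoding_ok_raw: decoding_receiver_accepts?(issued, issued),
  }
end

if __FILE__ == $PROGRAM_NAME
  { "base64" => BASE64_TOKEN, "hex" => HEX_TOKEN }.each do |kind, token|
    puts "#{kind}: #{evaluate(token)}"
  end
end
```

The rewrite is only correct when the receiver decodes exactly once; a client that cannot know this has to send the token exactly as issued.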

@evanchsa
Contributor

The SDK isn't following the vCloud API authentication pattern. It's relying on an undocumented cookie. We're going to remove the cookie processing entirely and follow the documented authentication procedure.

@dsboulder
Author

That sounds great, but we are broken right now. Is there any timeline you guys have in mind? Can we remove the + in the meantime?
