Handle when equals sign shows up in a parameter (microsoft#265737)

TylerLeonhardt · web-flow · commit 502442926f5e · 2025-09-08T21:21:54.000Z
ref microsoft#265733
diff --git a/src/vs/base/common/oauth.ts b/src/vs/base/common/oauth.ts
@@ -872,19 +872,27 @@ export function parseWWWAuthenticateHeader(wwwAuthenticateHeaderValue: string):
 					currentChallenge = { scheme: beforeSpace.trim(), params: {} };
 
 					// Parse the parameter part
-					const [key, value] = afterSpace.split('=').map(s => s.trim().replace(/"/g, ''));
-					if (key && value !== undefined) {
-						currentChallenge.params[key] = value;
+					const equalIndex = afterSpace.indexOf('=');
+					if (equalIndex > 0) {
+						const key = afterSpace.substring(0, equalIndex).trim();
+						const value = afterSpace.substring(equalIndex + 1).trim().replace(/^"|"$/g, '');
+						if (key && value !== undefined) {
+							currentChallenge.params[key] = value;
+						}
 					}
 					continue;
 				}
 			}
 
 			// This is a parameter for the current challenge
 			if (currentChallenge) {
-				const [key, value] = token.split('=').map(s => s.trim().replace(/"/g, ''));
-				if (key && value !== undefined) {
-					currentChallenge.params[key] = value;
+				const equalIndex = token.indexOf('=');
+				if (equalIndex > 0) {
+					const key = token.substring(0, equalIndex).trim();
+					const value = token.substring(equalIndex + 1).trim().replace(/^"|"$/g, '');
+					if (key && value !== undefined) {
+						currentChallenge.params[key] = value;
+					}
 				}
 			}
 		}
diff --git a/src/vs/base/test/common/oauth.test.ts b/src/vs/base/test/common/oauth.test.ts
@@ -344,6 +344,15 @@ suite('OAuth', () => {
 			});
 		});
 
+		test('parseWWWAuthenticateHeader should correctly parse parameters with equal signs', () => {
+			const result = parseWWWAuthenticateHeader('Bearer resource_metadata="https://example.com/.well-known/oauth-protected-resource?v=1"');
+			assert.strictEqual(result.length, 1);
+			assert.strictEqual(result[0].scheme, 'Bearer');
+			assert.deepStrictEqual(result[0].params, {
+				resource_metadata: 'https://example.com/.well-known/oauth-protected-resource?v=1'
+			});
+		});
+
 		test('parseWWWAuthenticateHeader should correctly parse multiple', () => {
 			const result = parseWWWAuthenticateHeader('Bearer realm="api", error="invalid_token", error_description="The access token expired", Basic realm="hi"');
 

Original file line number	Diff line number	Diff line change
`@@ -872,19 +872,27 @@ export function parseWWWAuthenticateHeader(wwwAuthenticateHeaderValue: string):`
`872`	`872`	`currentChallenge = { scheme: beforeSpace.trim(), params: {} };`
`873`	`873`
`874`	`874`	`// Parse the parameter part`
`875`		`- const [key, value] = afterSpace.split('=').map(s => s.trim().replace(/"/g, ''));`
`876`		`- if (key && value !== undefined) {`
`877`		`- currentChallenge.params[key] = value;`
	`875`	`+ const equalIndex = afterSpace.indexOf('=');`
	`876`	`+ if (equalIndex > 0) {`
	`877`	`+ const key = afterSpace.substring(0, equalIndex).trim();`
	`878`	`+ const value = afterSpace.substring(equalIndex + 1).trim().replace(/^"\|"$/g, '');`
	`879`	`+ if (key && value !== undefined) {`
	`880`	`+ currentChallenge.params[key] = value;`
	`881`	`+ }`
`878`	`882`	`}`
`879`	`883`	`continue;`
`880`	`884`	`}`
`881`	`885`	`}`
`882`	`886`
`883`	`887`	`// This is a parameter for the current challenge`
`884`	`888`	`if (currentChallenge) {`
`885`		`- const [key, value] = token.split('=').map(s => s.trim().replace(/"/g, ''));`
`886`		`- if (key && value !== undefined) {`
`887`		`- currentChallenge.params[key] = value;`
	`889`	`+ const equalIndex = token.indexOf('=');`
	`890`	`+ if (equalIndex > 0) {`
	`891`	`+ const key = token.substring(0, equalIndex).trim();`
	`892`	`+ const value = token.substring(equalIndex + 1).trim().replace(/^"\|"$/g, '');`
	`893`	`+ if (key && value !== undefined) {`
	`894`	`+ currentChallenge.params[key] = value;`
	`895`	`+ }`
`888`	`896`	`}`
`889`	`897`	`}`
`890`	`898`	`}`