Fixed client_id sanitization to prevent DB errors

juanifioren · juanifioren · commit 2bc44e45199e · 2025-08-31T20:56:17.000-03:00
diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
@@ -73,10 +73,7 @@ def _extract_params(self):
         # and POST request.
         query_dict = self.request.POST if self.request.method == "POST" else self.request.GET
 
-        # Sanitize client_id to remove control characters that cause PostgreSQL errors
-        client_id = query_dict.get("client_id", "")
-        self.params["client_id"] = sanitize_client_id(client_id)
-
+        self.params["client_id"] = sanitize_client_id(query_dict.get("client_id", ""))
         self.params["redirect_uri"] = query_dict.get("redirect_uri", "")
         self.params["response_type"] = query_dict.get("response_type", "")
         self.params["scope"] = query_dict.get("scope", "").split()
diff --git a/oidc_provider/lib/endpoints/introspection.py b/oidc_provider/lib/endpoints/introspection.py
@@ -28,7 +28,6 @@ def _extract_params(self):
         # Introspection only supports POST requests
         self.params["token"] = self.request.POST.get("token")
         client_id, client_secret = extract_client_auth(self.request)
-        # Sanitize client_id to remove control characters that cause PostgreSQL errors
         self.params["client_id"] = sanitize_client_id(client_id)
         self.params["client_secret"] = client_secret
 
diff --git a/oidc_provider/lib/endpoints/token.py b/oidc_provider/lib/endpoints/token.py
@@ -32,7 +32,6 @@ def __init__(self, request):
     def _extract_params(self):
         client_id, client_secret = extract_client_auth(self.request)
 
-        # Sanitize client_id to remove control characters that cause PostgreSQL errors
         self.params["client_id"] = sanitize_client_id(client_id)
         self.params["client_secret"] = client_secret
         self.params["redirect_uri"] = self.request.POST.get("redirect_uri", "")
