tordans left a comment (openstreetmap/openstreetmap-website#6130)
> Do you have any idea when it changed?
Unfortunately not. I know that it worked when we had the old design because
that is when we documented the flow in a PDF.
I looked at the history a bit but nothing stood out to me.
> I think the double `?` is a red herring - there is one parameter who's value
> is a URL that includes parameters.
I just checked again: Its actually only one `?` and all the rest is encoded in
the `referrer` param.
The initial URL is
```url
https://master.apis.dev.openstreetmap.org/login
?referer=%2Foauth2%2Fauthorize%3Fclient_id%3DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%26scope%3Dopenid%2520read_prefs%2520write_prefs%2520write_notes%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fstaging.tilda-geo.de%252Fapi%252Fauth%252Fosm%252Fcallback%26nextauth%3Dosm%252Clogin%26state%3DjIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0%26code_challenge%3DQAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E%26code_challenge_method%3DS256
```
Which decodes to …
```url
https://master.apis.dev.openstreetmap.org/login
?referer=/oauth2/authorize
?client_id=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4
&scope=openid%20read_prefs%20write_prefs%20write_notes
&response_type=code&redirect_uri=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback&nextauth=osm%2Clogin
&state=jIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0
&code_challenge=QAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E
&code_challenge_method=S256
```
The URL from the email is then…
```
https://master.apis.dev.openstreetmap.org/user/test10tobias/confirm
?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzIyMzUwLCJiZGE1Y2RiZWUxYjYxMjQ4ZDE1Nzg5YjAwNWU0NGFkNGI0ZjRkYjBiNGI1MjI0NGYzMTMyNmQ3ZGExMDZiNzE0Il0sImV4cCI6IjIwMjUtMDctMDJUMDk6Mjc6NTguOTk4WiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0%3D--261db9030dd0adf43c8b204c33f945ca0ce27dd3
&referer=%2Fwelcome%3Foauth_return_url%3D%252Foauth2%252Fauthorize%253Fclient_id%253DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%2526scope%253Dopenid%252520read_prefs%252520write_prefs%252520write_notes%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253A%25252F%25252Fstaging.tilda-geo.de%25252Fapi%25252Fauth%25252Fosm%25252Fcallback%2526nextauth%253Dosm%25252Clogin%2526state%253DjIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0%2526code_challenge%253DQAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E%2526code_challenge_method%253DS256
```
Which (twice) decodes to…
```url
https://master.apis.dev.openstreetmap.org/user/test10tobias/confirm
?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzIyMzUwLCJiZGE1Y2RiZWUxYjYxMjQ4ZDE1Nzg5YjAwNWU0NGFkNGI0ZjRkYjBiNGI1MjI0NGYzMTMyNmQ3ZGExMDZiNzE0Il0sImV4cCI6IjIwMjUtMDctMDJUMDk6Mjc6NTguOTk4WiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0=--261db9030dd0adf43c8b204c33f945ca0ce27dd3
&referer=/welcome
?oauth_return_url=/oauth2/authorize
?client_id=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4
&scope=openid%20read_prefs%20write_prefs%20write_notes
&response_type=code
&redirect_uri=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback
&nextauth=osm%2Clogin
&state=jIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0
&code_challenge=QAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E
&code_challenge_method=S256
```
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/6130#issuecomment-3004092262
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/issues/6130/3004092...@github.com>
_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev