How Curl_exec and Urlencode Killed My Single Sign On

If you do any work with single sign on, you’ll be familiar with the concept of exchanging tokens and validating against the authentication server using that token. One of the issues I’ve just run into which resulted in a huge headache is with urlencoding the result of a curl_exec that had a line ending. It’ easy to miss when it’s a longer string and you aren’t paying very close attention. This is a very simple example, and it still takes a second to realize there’s an extra character at the end.

php> echo urlencode(“test@str!ngw!th0u7\n”); test%40str%21ngw%21th0u7%0A php> echo urlencode(“test@str!ngw!th0u7”); test%40str%21ngw%21th0u7

Basically, I’d recommend calling a trim() on any results you get back, unless you love newlines at the end for some reason.