How Curl_exec and Urlencode Killed My Single Sign On

If you do any work with single sign on, you’ll be familiar with the concept of exchanging tokens and validating against the authentication server using that token. One of the issues I’ve just run into which resulted in a huge headache is with urlencoding the result of a curl_exec that had a line ending. It’ easy to miss when it’s a longer string and you aren’t paying very close attention. This is a very simple example, and it still takes a second to realize there’s an extra character at the end.

php> echo urlencode(“test@str!ngw!th0u7\n”); test%40str%21ngw%21th0u7%0A php> echo urlencode(“test@str!ngw!th0u7”); test%40str%21ngw%21th0u7

Basically, I’d recommend calling a trim() on any results you get back, unless you love newlines at the end for some reason.

If you found this post helpful, please consider sharing to your network. I'm also available to help you be successful with your distributed systems! Please reach out if you're interested in working with me, and I'll be happy to schedule a free one-hour consultation.