Version: spring-boot-starter-web version 2.4.1.
Hello,
I am trying to make a post request using LinkedMultiValueMap<>() for authentication but I keep receiving a 400 BAD REQUEST.
When I send it as a raw string I get a 200. Code:
```
String test = "client_secret=1234&grant_type=refresh_token&refresh_token=1%2F%2F&client_id=12345";
ResponseEntity
When I send it as a LinkedMultiValueMap<>(). Code:
MultiValueMap<String, Object> formUrlEncoded = new LinkedMultiValueMap<>();
formUrlEncoded.add("client_secret", "1234");
formUrlEncoded.add("grant_type", "refresh_token");
formUrlEncoded.add("refresh_token", "1%2F%2F");
formUrlEncoded.add("client_id", "12345");
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<MultiValueMap<String, Object>> httpEntity = new HttpEntity<>(formUrlEncoded, httpHeaders);
ResponseEntity<String> stringResponseEntity = restTemplate.postForEntity("/token", httpEntity, String.class);
What I noticed is that the value of the **refresh_token is changed** and **% is replaced with %25**??
I know the solution (Send as a string), but still I find this weird and I want to know why this is happening? What am I not seeing?
**Comment From: MS90D3V**
Further investigation:
I started to investigate the read() method from FormHttpMessageConverter.class.
I noticed the URLDecoder.decode() is used to decode the values for some reason?
public static String decode(String s, Charset charset) { ... ...
case '%': / * Starting with this instance of %, process all * consecutive substrings of the form %xy. Each * substring %xy will yield a byte. Convert all * consecutive bytes obtained this way to whatever * character(s) they represent in the provided * encoding. /
try {
// (numChars-i)/3 is an upper bound for the number
// of remaining bytes
if (bytes == null)
bytes = new byte[(numChars-i)/3];
int pos = 0;
while ( ((i+2) < numChars) &&
(c=='%')) {
int v = Integer.parseInt(s, i + 1, i + 3, 16);
if (v < 0)
throw new IllegalArgumentException(
"URLDecoder: Illegal hex characters in escape "
+ "(%) pattern - negative value");
bytes[pos++] = (byte) v;
i+= 3;
if (i < numChars)
c = s.charAt(i);
}
} ```
Now why are my values being decoded? The value's aren't URI's!
Comment From: rstoyanchev
This is by design. Form data name-value pairs are expected to be percent encoded and this is what the converter is doing. That means the values you pass in are not expected to be encoded already.
Comment From: MS90D3V
@rstoyanchev Thank you for your feedback.
I found out what I was doing wrong.I was totally unaware the refresh token was already encoded. So I replaced %2F in the refresh token with a normal forward slash. Then I put it into the LinkedMultiValueMap and now everything works like a charm! Thank you for pointing me in the correct direction!