<div style="display: flex; flex-wrap: wrap; white-space: pre-wrap; align-items: center; "><img height="20" width="20" style="border-radius:50%; margin-right: 4px;" decoding="async" src="https://avatars.githubusercontent.com/u/111561?s=20&v=4" /><strong>tordans</strong> left a comment <a href="https://github.com/openstreetmap/openstreetmap-website/issues/6130#issuecomment-3004092262">(openstreetmap/openstreetmap-website#6130)</a></div>
<blockquote>
<p dir="auto">Do you have any idea when it changed?</p>
</blockquote>
<p dir="auto">Unfortunately not. I know that it worked when we had the old design because that is when we documented the flow in a PDF.<br>
I looked at the history a bit but nothing stood out to me.</p>
<blockquote>
<p dir="auto">I think the double <code class="notranslate">?</code> is a red herring - there is one parameter who's value is a URL that includes parameters.</p>
</blockquote>
<p dir="auto">I just checked again: Its actually only one <code class="notranslate">?</code> and all the rest is encoded in the <code class="notranslate">referrer</code> param.<br>
The initial URL is</p>
<div class="highlight highlight-source-ini" dir="auto"><pre class="notranslate">https://master.apis.dev.openstreetmap.org/login
?<span class="pl-k">referer</span>=%2Foauth2%2Fauthorize%3Fclient_id%3DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%26scope%3Dopenid%2520read_prefs%2520write_prefs%2520write_notes%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fstaging.tilda-geo.de%252Fapi%252Fauth%252Fosm%252Fcallback%26nextauth%3Dosm%252Clogin%26state%3DjIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0%26code_challenge%3DQAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E%26code_challenge_method%3DS256</pre></div>
<p dir="auto">Which decodes to …</p>
<div class="highlight highlight-source-ini" dir="auto"><pre class="notranslate">https://master.apis.dev.openstreetmap.org/login
?<span class="pl-k">referer</span>=/oauth2/authorize
  ?<span class="pl-k">client_id</span>=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4
  &<span class="pl-k">scope</span>=openid%20read_prefs%20write_prefs%20write_notes
  &<span class="pl-k">response_type</span>=code&<span class="pl-k">redirect_uri</span>=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback&<span class="pl-k">nextauth</span>=osm%2Clogin
  &<span class="pl-k">state</span>=jIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0
  &<span class="pl-k">code_challenge</span>=QAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E
  &<span class="pl-k">code_challenge_method</span>=S256</pre></div>
<p dir="auto">The URL from the email is then…</p>
<pre class="notranslate"><code class="notranslate">https://master.apis.dev.openstreetmap.org/user/test10tobias/confirm
?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzIyMzUwLCJiZGE1Y2RiZWUxYjYxMjQ4ZDE1Nzg5YjAwNWU0NGFkNGI0ZjRkYjBiNGI1MjI0NGYzMTMyNmQ3ZGExMDZiNzE0Il0sImV4cCI6IjIwMjUtMDctMDJUMDk6Mjc6NTguOTk4WiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0%3D--261db9030dd0adf43c8b204c33f945ca0ce27dd3
&referer=%2Fwelcome%3Foauth_return_url%3D%252Foauth2%252Fauthorize%253Fclient_id%253DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%2526scope%253Dopenid%252520read_prefs%252520write_prefs%252520write_notes%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253A%25252F%25252Fstaging.tilda-geo.de%25252Fapi%25252Fauth%25252Fosm%25252Fcallback%2526nextauth%253Dosm%25252Clogin%2526state%253DjIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0%2526code_challenge%253DQAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E%2526code_challenge_method%253DS256
</code></pre>
<p dir="auto">Which (twice) decodes to…</p>
<div class="highlight highlight-source-ini" dir="auto"><pre class="notranslate">https://master.apis.dev.openstreetmap.org/user/test10tobias/confirm
?<span class="pl-k">confirm_string</span>=<span class="pl-k">eyJfcmFpbHMiOnsiZGF0YSI6WzIyMzUwLCJiZGE1Y2RiZWUxYjYxMjQ4ZDE1Nzg5YjAwNWU0NGFkNGI0ZjRkYjBiNGI1MjI0NGYzMTMyNmQ3ZGExMDZiNzE0Il0sImV4cCI6IjIwMjUtMDctMDJUMDk6Mjc6NTguOTk4WiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0</span>=--261db9030dd0adf43c8b204c33f945ca0ce27dd3
&<span class="pl-k">referer</span>=/welcome
  ?<span class="pl-k">oauth_return_url</span>=/oauth2/authorize
    ?<span class="pl-k">client_id</span>=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4
      &<span class="pl-k">scope</span>=openid%20read_prefs%20write_prefs%20write_notes
      &<span class="pl-k">response_type</span>=code
      &<span class="pl-k">redirect_uri</span>=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback
      &<span class="pl-k">nextauth</span>=osm%2Clogin
      &<span class="pl-k">state</span>=jIO5g3txGqwx9umk9-zTr7nlhTJ-WxvfWjFqhKcGRF0
      &<span class="pl-k">code_challenge</span>=QAKZO5APd7JZDsaYnWi1tizaLkUxZjQkivX9IYRbx8E
      &<span class="pl-k">code_challenge_method</span>=S256</pre></div>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/6130#issuecomment-3004092262">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLO7YMLGZHG6T65D2JL3FJUHHAVCNFSM6AAAAACAAWSYK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMBUGA4TEMRWGI">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLIW7FVLFCIF33W7W2D3FJUHHA5CNFSM6AAAAACAAWSYK6WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTVTB3HWM.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/issues/6130/3004092262</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>

<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/6130#issuecomment-3004092262",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/6130#issuecomment-3004092262",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>