From 4be69fd9ee638efdbbbe8c664293645495e832df Mon Sep 17 00:00:00 2001
From: Alexander Oliver Mader
Date: Tue, 10 Dec 2024 13:03:52 +0100
Subject: [PATCH] fix(error-redirect): use query-safe fragment as recommended in the latest OAuth 2 security best practices
---
 .../src/IdentityServer/Endpoints/Results/AuthorizeResult.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/identity-server/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs b/identity-server/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
index 1ffb1b974..4155e0c0e 100644
--- a/identity-server/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
+++ b/identity-server/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
@@ -177,8 +177,8 @@ private string BuildRedirectUri(AuthorizeResponse response)
 if (response.IsError && !uri.Contains('#'))
 {
- // https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-00
- uri += "#_=_";
+ // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-29#section-4.1.3
+ uri += "#_";
 }
 return uri;
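Review bot: The comment above `uri += "#_";` is only a link, so the security reason for the suffix is not visible at the call site and is lost if the draft URL stops resolving. I would state it in words, for example `// Append a dummy fragment so the browser cannot re-attach the fragment of the previous URL to this error redirect (OAuth 2.0 Security BCP, section 4.1.3).` The diffstat shows a single changed file, so no test appears to pin the new suffix. A test asserting that an error redirect without a fragment ends in `#_` would guard this mitigation against silent removal, and would surface any consumer that still matches the old `#_=_` literal. BuildRedirectUri starts and ends outside the hunk, so how `uri` is built before this check is not visible here.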