OAuth state parameter getting corrupted

I’m trying to create a plugin that will allow me to sign in with Meetup.com credentials via OAuth 2.0. I have it like…!

When I click authenticate, it sets and send the state parameter with HTML encode JSON that looks like this…


However, when this gets onto the Meetup authorization page, it is populated in an html form where the element looks like this…

As you can see, the state parameter gets decoded on the html and because of that, the state hidden field get broken up. The field starts with "{… but the first decoded double quote stops the field, so state gets set to “{”.

Is there someway to fix this, is there someway to ensure that the state doesn’t get decoded or maybe the state is sent as something other than JSON. I can’t help to feel this is common. Any help appreciated!


Kind of figured something out… if the state parameter from Bubble was using single quotes instead of double, then it goes through fine. I tested this by decoding the “state” param in the url, changing all the double quotes to single, then encoding that and putting it in the request. Meetup then adds it into it’s POST form correctly because it uses double quotes to hold its parameters. Thus, you can have double quotes in singles and singles in doubles, but you can’t have a single in a single unless you escape it. I have to imagine this is happening a lot.