Flask-AppBuilder
`next` url (still) does not render correctly - AuthOAuthView
If you'd like to report a bug in Flask-Appbuilder, fill out the template below. Provide any extra information that may be useful
Responsible disclosure: We want to keep Flask-AppBuilder safe for everyone. If you've discovered a security vulnerability please report to [email protected].
Environment
Flask-Appbuilder version: 4.1.4
pip freeze output:
Describe the expected results
Next url should be correct
Describe the actual results
query strings with + are not correctly handled (e.g. ISO formatted timestamps with TZ info: '2022-09-22T08:15:00+00:00')
I don't know if this is an issue with FAB or werkzeug...but I figured I would start here. I'm finding this in Airflow.
Airflow generates the timestamp portion of the URL as execution_date=2022-09-25T08%3A15%3A00%2B00%3A00
but what ends up in request.args in security.views.AuthOAuthView is execution_date=2022-09-25T08%3A15%3A00+00%3A00
so after login, we end up with an incorrect query string with a + rather than %2B.
Steps to reproduce
1. Enable OAuth security.
2. Attempt to log in to a URL with a timestamp in the query string (Apache Airflow log url is a good candidate).
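An added illustration, not part of the original report and not Flask-AppBuilder, Airflow or werkzeug code: it shows why the literal `+` matters (a form-urlencoded parser reads it as a space) and how a decode-then-re-encode step that leaves `+` unescaped turns the first string in the report into the second. That such a step exists in the login flow is an assumption made for the demonstration; the page does not establish the cause. The helper names are hypothetical.

```python
from urllib.parse import parse_qs, quote

# The two query strings quoted in the report above.
SENT = "execution_date=2022-09-25T08%3A15%3A00%2B00%3A00"
SEEN = "execution_date=2022-09-25T08%3A15%3A00+00%3A00"


def decoded(query, key="execution_date"):
    """Value a form-urlencoded parser returns for key ('+' means space)."""
    return parse_qs(query)[key][0]


def rebuild(query, safe, key="execution_date"):
    """Decode query, then re-encode the value, leaving `safe` chars as-is.

    Assumption for illustration: some step between the original request and
    the post-login redirect decodes and re-encodes the value like this.
    """
    return f"{key}={quote(decoded(query, key), safe=safe)}"


def survives_round_trip(query, safe):
    """True if the rebuilt query still decodes to the original value."""
    return decoded(rebuild(query, safe)) == decoded(query)


if __name__ == "__main__":
    print("sent decodes to:", repr(decoded(SENT)))
    print("seen decodes to:", repr(decoded(SEEN)))
    print("rebuilt, '+' left as-is:", rebuild(SENT, safe="+"))
    print("rebuilt, '+' escaped:   ", rebuild(SENT, safe=""))
```

A regression test for a fix can use the same check: send a `next` value containing `%2B` through the login redirect and compare the decoded parameter before and after.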
Thank you for reporting, currently investigating