KrakenD rejects URL path parameters containing special characters with "encoded url params" error
Environment
- KrakenD Version: [Please specify your version]
- OS: [Please specify]
- Deployment: [Docker/Kubernetes/Standalone - please specify]
- Go Plugin: Custom HTTP server plugin
Problem Description
KrakenD is rejecting valid HTTP requests that contain special characters (#, @) in path parameters, returning a 400 error with the message "encoded url params". This occurs even when the URLs are properly formatted and encoded according to RFC 3986.
Failing Request Example
GET /users/dummy_company.com#EXT#@company.onmicrosoft.com
<notice the #EXT#>
Expected Behavior
The request should be routed to the configured backend service with the user_id parameter properly handled, as this is a valid URL path segment.
Actual Behavior
KrakenD returns HTTP 400 with "encoded url params" error before the request reaches the configured backend or Go plugin handlers.
Configuration
Endpoint Configuration
{
"endpoint": "/users/{user_id}",
"method": "GET",
"timeout": "180s",
"output_encoding": "no-op",
"input_query_strings": [
"metadata",
"links"
],
"backend": [
{
"url_pattern": "/users/{user_id}",
"method": "GET",
"encoding": "no-op",
"host": [
"http://xxxxxx:8088"
]
}
]
}KrakenD Main Configuration
{
"$schema": "https://www.krakend.io/schema/v3.json",
"version": 3,
"timeout": "30000ms",
"cache_ttl": "300s",
"port": "3000",
"name": "bxpp",
"disable_keep_alives": true,
"plugin": {
"pattern": ".so",
"folder": "/plugins/"
},
"extra_config": {
"plugin/http-server": {
"name": ["<our authentication plugin>"]
}
}
}Investigation Results
Through extensive debugging with custom Go plugin logging, we determined:
1. Timing of Error
- Error occurs after custom handling in our plugin.
- Error happens during KrakenD's internal routing/endpoint matching phase
- GIN logs show 400 status with the problematic URL
2. URL Encoding Tests
I tested multiple encoding approaches:
Original URL:
/users/dineshts_company.com#EXT#@company.onmicrosoft.com
URL Encoded:
/v1/management/users/dineshts_company.com%23EXT%23%40company.onmicrosoft.com
Result: Both variations fail with the same 400 "encoded url params" error
3. Workaround Confirmation
When I bypass KrakenD's routing entirely in our Go plugin and handle the request directly, the error disappears, confirming the issue is in KrakenD's parameter validation.
Logs
[GIN] 2025/09/24 - 08:27:07 | 400 | 566.083µs | 142.251.223.243 | GET "/users/dineshts_company.com#EXT#@company.onmicrosoft.com"
Use Case Context
This issue affects Microsoft Azure AD B2B guest user scenarios where user identities follow the format:
username_domain.com#EXT#@tenant.onmicrosoft.com
This is a standard Microsoft identity format that cannot be easily changed, making it a blocking issue for Azure AD integration.
Questions
- Parameter Validation: Does KrakenD have built-in validation rules for path parameters that reject certain characters?
- Configuration Options: Are there settings to disable or customize path parameter validation?
- RFC Compliance: Should KrakenD accept properly escaped special characters in path parameters per RFC 3986?
- Error Location: Where in KrakenD's codebase does the "encoded url params" error message originate?
Potential Solutions
I'd appreciate guidance on:
- Configuration options to allow special characters in path parameters
- Alternative endpoint patterns that might work around this limitation
- Whether this is intended behavior or a bug
KrakenD rejects URL path parameters containing special characters with "encoded url params" error
Environment
Problem Description
KrakenD is rejecting valid HTTP requests that contain special characters (
#,@) in path parameters, returning a 400 error with the message "encoded url params". This occurs even when the URLs are properly formatted and encoded according to RFC 3986.Failing Request Example
Expected Behavior
The request should be routed to the configured backend service with the user_id parameter properly handled, as this is a valid URL path segment.
Actual Behavior
KrakenD returns HTTP 400 with "encoded url params" error before the request reaches the configured backend or Go plugin handlers.
Configuration
Endpoint Configuration
{ "endpoint": "/users/{user_id}", "method": "GET", "timeout": "180s", "output_encoding": "no-op", "input_query_strings": [ "metadata", "links" ], "backend": [ { "url_pattern": "/users/{user_id}", "method": "GET", "encoding": "no-op", "host": [ "http://xxxxxx:8088" ] } ] }KrakenD Main Configuration
{ "$schema": "https://www.krakend.io/schema/v3.json", "version": 3, "timeout": "30000ms", "cache_ttl": "300s", "port": "3000", "name": "bxpp", "disable_keep_alives": true, "plugin": { "pattern": ".so", "folder": "/plugins/" }, "extra_config": { "plugin/http-server": { "name": ["<our authentication plugin>"] } } }Investigation Results
Through extensive debugging with custom Go plugin logging, we determined:
1. Timing of Error
2. URL Encoding Tests
I tested multiple encoding approaches:
Original URL:
URL Encoded:
Result: Both variations fail with the same 400 "encoded url params" error
3. Workaround Confirmation
When I bypass KrakenD's routing entirely in our Go plugin and handle the request directly, the error disappears, confirming the issue is in KrakenD's parameter validation.
Logs
Use Case Context
This issue affects Microsoft Azure AD B2B guest user scenarios where user identities follow the format:
This is a standard Microsoft identity format that cannot be easily changed, making it a blocking issue for Azure AD integration.
Questions
Potential Solutions
I'd appreciate guidance on: