AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

Error on Logout #1374

Open iedokpayintsb opened 1 month ago

iedokpayintsb commented 1 month ago

Login.gov logout causes State error

When logging out with Login.Gov I see an error message saying something like: Error: State not valid (expected: null, received: xxxx) I traced it back to oidc-client/packages/[oidc-client] Line 201. The code explicitly sets the state to null!

Versions

"@axa-fr/oidc-client": "^7.22.5", "@axa-fr/react-oidc": "^7.22.4"

Screenshots

[Screenshots attached: LoginDOTGovLogoutError, LoginDotGovAuthErrorOnLogout]

Expected

State should be valid until logout

Actual

State is not valid until logout

Additional Details

guillaume-chervet commented 1 month ago

hi @iedokpayintsb , thank you for your issue.

That's strange, do you have a sample of your configuration?

iedokpayintsb commented 1 month ago

```js
import { nanoid } from 'nanoid';

export const Login_Gov_Config = {
  client_id: import.meta.env.VITE_LOGIN_GOV_CLIENT_ID,
  redirect_uri: `${window.location.origin}/authentication/callback`,
  silent_redirect_uri: `${window.location.origin}/authentication/silent-callback`,
  scope: 'openid, email', // note: OAuth 2.0 / OIDC scope values are space-delimited ("openid email")
  authority: 'https://idp.int.identitysandbox.gov',
  service_worker_relative_url: '/OidcServiceWorker.js', // just comment that line to disable service worker mode
  service_worker_only: false,
  demonstrating_proof_of_possession: false,
  extras: {
    acr_values: 'http://idmanagement.gov/ns/assurance/ial/2',
    prompt: 'select_account',
    nonce: nanoid(22),
    state: nanoid(50),
  },
};
```


guillaume-chervet commented 1 month ago

Thank you @iedokpayintsb . I will test with your parameters to try to reproduce it.

guillaume-chervet commented 3 days ago

hi @iedokpayintsb does version 7.22.9-alpha.1456 fix it?

iedokpayintsb commented 3 days ago

I will check!
