AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

State not valid (expected: null, received: .....) #1483

Open bernhard-braeu opened 1 week ago

bernhard-braeu commented 1 week ago

Issue and Steps to Reproduce

After updating to the latest version I got the following error: Error: State not valid (expected: null, received: QfoT4KWMKBO2kqG2)

When I reload the app, it works as intended.

Versions

7.22.32

Screenshots

(screenshot attached to the original issue, not reproduced here)

guillaume-chervet commented 1 week ago

Hi @bernhard-braeu, do you have a sample of your configuration and of how you trigger the login? Do you also have the full URL of your authentication page? The state should be there as a query string parameter.

erenasigli commented 2 days ago

Hello there!

I am facing the same issue, so I didn't see it as necessary to open a new issue. The error occurs when I log in from the anothercoolapp.domain.net address. It works for the first domain, but the second domain throws this error. Also, when a user logs in from the second domain, it redirects to the first domain's redirect address. It is probably the wrong approach for using the same app with two domains.

IdentityServer Configuration.

```csharp
// IdentityServer Client entry (one element of the Clients collection)
new Client
{
    ClientId = "coolapp-webui",
    ClientName = "coolapp UI",
    AllowedGrantTypes = { GrantType.AuthorizationCode, GrantType.ResourceOwnerPassword },
    AllowedScopes = { "openid", "profile", "coolapp" },
    ClientUri = "https://coolapp.domain.net",
    // Both origins are registered, so the server accepts callbacks on either host
    RedirectUris =
    {
        "https://coolapp.domain.net/authentication/callback",
        "https://anothercoolapp.domain.net/authentication/callback"
    },
    PostLogoutRedirectUris =
    {
        "https://coolapp.domain.net/signout-callback-oidc",
        "https://anothercoolapp.domain.net/signout-callback-oidc"
    },
    AllowedCorsOrigins = { "https://coolapp.domain.net", "https://anothercoolapp.domain.net" },
    LogoUri = "https://img.server.net:5022/img/products/logo-coooolapp.png",
    RequirePkce = false,            // PKCE is not enforced for the authorization code flow
    RequireClientSecret = false,    // no client secret required at the token endpoint
    AccessTokenLifetime = 2678400,  // seconds (31 days)
    UserSsoLifetime = 2678400,      // seconds (31 days)
    ClientSecrets = { new Secret("gazoz".Sha256()) }, // not enforced while RequireClientSecret is false
    AllowOfflineAccess = true,      // refresh tokens allowed
    Description = "coolapp",
    Properties = PropertiesService.GetProperties()
},
```

```javascript
// oidc-client configuration used by the web UI
// (import path assumed; the original snippet does not show where TokenRenewMode comes from)
import { TokenRenewMode } from '@axa-fr/react-oidc';

const prod = {
    client_id: 'coolapp-webui',
    // fixed to the coolapp origin; the commented-out silent_login_uri below
    // derives its host from window.location.origin instead
    redirect_uri: 'https://coolapp.domain.net/authentication/callback',
    silent_redirect_uri: 'https://coolapp.domain.net/authentication/silent-callback',
    // silent_login_uri: window.location.origin + '/authentication/silent-login',
    scope: 'openid profile coolapp',
    authority: 'https://authority.server.net:5022',
    // authority_time_cache_wellknowurl_in_second: 60 * 60,
    refresh_time_before_tokens_expiration_in_second: 40,
    service_worker_relative_url: '/OidcServiceWorker.js',
    service_worker_only: false,
    // storage: localStorage,
    // silent_login_timeout: 3333000,
    // monitor_session: true,
    token_renew_mode: TokenRenewMode.access_token_invalid,
    demonstrating_proof_of_possession: false
};
```

thank you @guillaume-chervet

guillaume-chervet commented 1 day ago

Hi @erenasigli, I am not sure I understand your case. Do you have a video or something that can help me understand your problem?