search

casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0
9.2k stars 1.09k forks source link

[Bug] QQ login on Android failed due to the missing 'state' parameter #2959

Closed Nyrest closed 1 month ago

Nyrest commented 1 month ago

Problem

I couldn't login to Casdoor using QQ on any Android browser, while desktop login is working well. The state parameter in the url query of the callback url seems to be missing on Android. PC callback: https://door.casdoor.com/callback?code=XXX&state=XXX Android callback: https://door.casdoor.com/callback?code=XXX This problem occurs on both the self-hosted instance and the Casdoor demo.

Tested on Chrome, Edge, and Firefox. QQ: 8.9.80

Reproduce

  1. Log in to https://door.casdoor.com/login using QQ on an Android device
  2. Get the error There was a problem signing you in..
  3. state parameter in the url query is expected to be missing.
casbin-bot commented 1 month ago

@tangyang9464 @JalinWang @imp2002

hsluoyz commented 1 month ago

@Nyrest provide a video to reproduce it

Nyrest commented 1 month ago

https://github.com/casdoor/casdoor/assets/16686147/c03b1120-dcec-4145-a877-20f729875b8d