damienbod / angular-auth-oidc-client

npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
https://www.npmjs.com/package/angular-auth-oidc-client
MIT License

[Bug]: "Error: could not find matching config for state [...]" on checkAuth() #1721

Open enkosoftware opened 1 year ago

enkosoftware commented 1 year ago

Version

15.0.3

Please provide a link to a minimal reproduction of the bug

https://gist.github.com/enkosoftware/55a5e9f353a5ab1a51ba8e11f4c08391

Please provide the exception or error you saw

ERROR Error: could not find matching config for state fd0[...]HT
    at angular-auth-oidc-client.mjs:4107:41

Steps to reproduce the behavior

I am using keycloak to authenticate.
The normal/first login works fine, but there are 3 use cases where this error occurs:
1. Using the reset password flow in keycloak and afterwards getting redirected to the app.
2. If the keycloak session expires, the OidcSecurityService.authorize() gets called in an HttpInterceptor on 401 error. The login flow happens and redirects to the app.
3. A user shares his url of the login flow, instead of the actual app-url, and another user logs in on this url and gets redirected to the app.

In all three use-cases, the user gets correctly routed to the TenantRedirectComponent, the correct tenant (configId) is fetched and upon calling the checkAuth() method, the exception occurs.

If it's the normal/first login flow, no exception occurs and isAuthenticated is true.

The implementation is shown in the linked gist.

A clear and concise description of what you expected to happen.

The redirect from all keycloak flows to the app will not lead to an exception and the user gets authenticated.

Additional context

No response

damienbod commented 1 year ago

I have a working sample with keycloak, I will see if I can find it.

As far as I remember, you need to adjust some configurations which are used in Keycloak

https://angular-auth-oidc-client.com/docs/documentation/configuration

Greetings Damien

damienbod commented 1 year ago

Maybe this link will help:

https://stackoverflow.com/questions/70698697/angular-auth-oidc-client-keycloak-does-not-work

enkosoftware commented 1 year ago

Thanks, but I don't think this was the problem, because generally everything was working fine; only in these 3 specific use cases would an exception occur. Also I have already migrated the application to the official keycloak javascript adapter to fix the problem, so you can probably close this issue if no one else has this problem.

michellekunz commented 2 months ago

I have the same problem in version 17.1.0 and Azure, but only in one specific case:

  1. User logs out and is redirected to the login page of Microsoft
  2. User navigates back and is redirected to the login again because of a guard
  3. User repeats this step two times (the last time the state is regenerated and this creates the error)
  4. User logs in normally and the error appears

scurk1415 commented 3 weeks ago

I am having the same problem as the one OP described: Using the reset password flow in keycloak and afterwards getting redirected to the app.

Not sure if it has something to do with the fact that when the user enters the email, they receive a link for the change password page and the state changes
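As an added illustration, not code from this issue or from angular-auth-oidc-client: a simplified TypeScript model of the OIDC state round trip that produces the error reported above. It assumes the names StateStore, beginAuthorize and handleCallback and a one-pending-state-per-configId storage layout, and replays a normal login, the regenerated-state sequence from michellekunz's comment, and a callback carrying a state the current session never issued (the OP's shared-URL case and, as scurk1415's comment suggests, the email-link reset flow).

```typescript
// Stand-in for session storage: one pending state per configId. The names
// (StateStore, beginAuthorize, handleCallback) are assumed, not the library's API.
class StateStore {
  private pending: Record<string, string> = {};
  private counter = 0;
  // App starts a login: issue a fresh state and remember it for this config.
  // A second call overwrites the first (the thread's "regenerated" state).
  beginAuthorize(configId: string): string {
    const state = `st-${configId}-${++this.counter}`; // constructed; use a CSPRNG for real
    this.pending[configId] = state;
    return state;
  }

  // Redirect returns: accept only a state this browser issued and still holds. That
  // binding to the originating session is the login-CSRF check, so stale or foreign states fail.
  handleCallback(returnedState: string): string {
    for (const configId of Object.keys(this.pending)) {
      if (this.pending[configId] === returnedState) {
        delete this.pending[configId]; // single use
        return configId;
      }
    }
    throw new Error(`could not find matching config for state ${returnedState}`);
  }
}

// Returns the configId on success or the error message on rejection.
function tryCallback(store: StateStore, state: string): string {
  try { return store.handleCallback(state); } catch (e) { return (e as Error).message; }
}

// Normal first login: the issued state comes back unchanged and matches.
function normalLogin(): string {
  const store = new StateStore();
  return tryCallback(store, store.beginAuthorize("tenant-a"));
}

// michellekunz's case: a guard triggers authorize() again before the first
// callback returns, so the state that finally comes back is stale.
function regeneratedState(): string {
  const store = new StateStore();
  const first = store.beginAuthorize("tenant-a");
  store.beginAuthorize("tenant-a");
  return tryCallback(store, first);
}

// OP's shared-URL / email-link case: the callback lands in a session that never issued that state.
function foreignState(): string {
  return tryCallback(new StateStore(), "st-tenant-a-1");
}
```

The rejection is the intended behaviour of the state check; the fix in an application is to avoid starting a second authorize() while one is pending and to make sure the callback is handled in the same browser session that started the flow, not to relax the check.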