Hello, thank you for developing the plugin. It's excellent and we're happy using it.
However, we've encountered one issue: when the user already has a Matomo session, the plugin throws an error.
Steps to reproduce:
1. Login via the /index.php?module=LoginOIDC&action=signin path (we enabled the direct login URL).
2. After logging in, visit the path above again: /index.php?module=LoginOIDC&action=signin
3. Notice that the plugin will go through the OAuth flow again.
4. In the callback function /index.php?module=LoginOIDC&action=callback&provider=oidc&code=....
5. If the authenticated user of the OAuth flow above is the same as the logged-in user in Matomo's session, the user will see the "OAuth state mismatch" error screen.
My finding:
In the callback function of the Controller, at the end, there is this logic:

    if (Piwik::getCurrentUserLogin() === $user["login"]) {
        $this->passwordVerify->setPasswordVerifiedCorrectly();
        return;
    }

And the $this->passwordVerify->setPasswordVerifiedCorrectly code is:

    if ($this->enableRedirect) {
        Url::redirectToUrl('index.php' . Url::getCurrentQueryStringWithParametersModified(
            $sessionNamespace->redirectParams
        ));
    }

So the callback action will redirect to itself and throw the error.
One solution (in my opinion) is to check for the login session in the signin action and redirect the user to /index.php.
What do you think?
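As an added illustration of the guard proposed in the report above (this is not the plugin's own code, and the reporter did not post it): a signin action that short-circuits when a Matomo session already exists, so the OAuth flow, and with it the callback's state check, is never re-entered for an already authenticated user. It assumes the plugin's Controller lives in the Piwik\Plugins\LoginOIDC namespace, that signin() is the action reached via ?module=LoginOIDC&action=signin, and that the authorization URL is built from hypothetical $authorizeUrl, $clientId and $redirectUri values; the state handling sketched below is a generic OIDC pattern, not a description of what the plugin does internally.

```php
<?php
// Added example, not code from the LoginOIDC plugin. Namespace and base class
// are assumptions about the plugin's layout.
namespace Piwik\Plugins\LoginOIDC;

use Piwik\Piwik;
use Piwik\Url;
use Piwik\Session\SessionNamespace;

class Controller extends \Piwik\Plugin\Controller
{
    public function signin()
    {
        // Guard from the report: a user who already holds a Matomo session has
        // nothing to gain from a second OAuth round trip. Without this check the
        // flow ends in callback(), which for the same user redirects back to
        // itself and then fails the state comparison.
        if (!Piwik::isUserIsAnonymous()) {
            Url::redirectToUrl('index.php');
            return;
        }

        // Anonymous user: start a fresh flow. The state value is a per-request
        // random nonce stored server-side; callback() compares the provider's
        // echoed state against it to reject forged or replayed callbacks.
        $sessionNamespace = new SessionNamespace('loginoidc_example'); // assumed namespace name
        $state = bin2hex(random_bytes(16));
        $sessionNamespace->state = $state;

        // Hypothetical provider settings; the plugin reads its own configuration.
        $authorizeUrl = 'https://idp.example.test/authorize';
        $clientId     = 'example-client-id';
        $redirectUri  = 'https://matomo.example.test/index.php?module=LoginOIDC&action=callback&provider=oidc';

        $query = http_build_query([
            'response_type' => 'code',
            'client_id'     => $clientId,
            'redirect_uri'  => $redirectUri,
            'scope'         => 'openid email',
            'state'         => $state,
        ]);

        Url::redirectToUrl($authorizeUrl . '?' . $query);
    }
}
```

Redirecting to /index.php rather than to a caller-supplied URL keeps the guard from becoming an open redirect; the early return also means callback()'s "same user" branch is only reached by a flow that an anonymous session actually started.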