Closed raspreet-vunet closed 8 months ago
xgp
commented
8 months ago Are you using the most recent version of the magic link extension? There used to be a problem of not using the state and nonce variables correctly, but that was fixed a while ago.
Capturing the whole request cycle would be more helpful, as we need to see what parameters are being sent in each request in order to help you debug.
raspreet-vunet
commented
8 months ago I am using the latest version (v0.20)
I'm attaching a zip of the request HAR files. I'll be happy to provide any other information you need
Thanks and cheers
xgp
commented
8 months ago It's not enough. You need to verify that the state parameter in the initial .../openid-connect/auth request is the same as in the redirect. If it's not, there may be a bug. If it is, it's probably a problem with your config.
raspreet-vunet
commented
8 months ago Thanks for the guidance. I've fixed this issue now, only to get another one. This time Keycloak is raising a CODE_TO_TOKEN_ERROR along with a log message that says Code '<authorization_code>' already used for userSession '<session_id>' and client '<client_id>
Again, the user has actually been authenticated and if I open the application's root url, I am logged in as the desired user.
I'm facing a weird issue when trying to use magic links with Grafana. When I click on the magic link Grafana gives me a "missing saved state" exception (see screenshot below)
There is nothing useful in the grafana logs and the weird thing is that the authentication has happened successfully, even with this error. If I open the root url in the browser now, I find myself logged in with the desired user.
Relevant config from the grafana setup I'm using for testing this
I'll be happy to provide any other info. Thanks in advance!