pwheel / spring-security-oauth2-client

An OAuth2 client implementation for Spring Security that allows you to use an OAuth2 Provider (such as DailyCred) directly as an Authentication Provider
MIT License

Authentication Failed: Received states null was not equal to original state null #8

Closed oleksandrhubachov closed 8 years ago

oleksandrhubachov commented 8 years ago

Hello! I have an issue using your library. `Authentication Failed: Received states null was not equal to original state null` This is the exception I got after using your classes. I checked the XML and everything looks good. This is my XML:

```xml
    <custom-filter ref="oauth2AuthFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
</http>
<beans:bean id="oAuth2EntryPoint" class="oauth.OAuth2AuthenticationEntryPoint">
    <beans:property name="oAuth2ServiceProperties" ref="oauth2ServiceProperties"/>
</beans:bean>

<beans:bean id="oauth2AuthFilter" class="oauth.OAuth2AuthenticationFilter">
    <beans:constructor-arg name="defaultFilterProcessesUrl" value="/internal"/>
    <beans:property name="authenticationManager" ref="authenticationManagerClient"/>
    <beans:property name="oAuth2ServiceProperties" ref="oauth2ServiceProperties"/>
</beans:bean>

<beans:bean id="oauth2AuthenticationProvider" class="oauth.OAuth2AuthenticationProvider">
    <beans:property name="authenticatedUserDetailsService" ref="oAuth2UserDetailsService"/>
    <beans:property name="oAuth2ServiceProperties" ref="oauth2ServiceProperties"/>
</beans:bean>

<authentication-manager alias="authenticationManagerClient">
    <authentication-provider ref="oauth2AuthenticationProvider">
    </authentication-provider>
</authentication-manager>

<beans:bean id="oauth2ServiceProperties" class="oauth.OAuth2ServiceProperties">
    <beans:property name="accessTokenUri" value="http://localhost:9999auth/oauth/token"/>
    <beans:property name="userAuthorisationUri" value="http://localhost:9999/auth/oauth/authorize"/>
    <beans:property name="additionalAuthParams">
        <beans:map>
            <beans:entry key="scope" value="openid"/>
        </beans:map>
    </beans:property>
    <beans:property name="redirectUri" value="http://localhost:9000/"/>
    <beans:property name="clientId" value="acme"/>
    <beans:property name="clientSecret" value="acmesecret"/>
    <beans:property name="userInfoUri" value="http://localhost:9999/auth/user"/>
</beans:bean>

<beans:bean id="oAuth2UserDetailsService" class="oauth.OAuth2UserDetailsService">
    <beans:property name="oAuth2UserDetailsLoader" ref="userFacade"/>
    <beans:property name="oAuth2ServiceProperties" ref="oauth2ServiceProperties"/>
</beans:bean>

<beans:bean id="userFacade" class="oauth.UserFacade"/>
```

And when I try to open the /internal link in my app, this exception appears. What am I doing wrong?

pwheel commented 8 years ago

Hi, thanks for using the library. So that's pretty strange actually. What OAuth provider are you using?

For the OAuth state parameter, the library generates a random alphanumeric string and stores it in the session. See OAuth2AuthenticationEntryPoint. The OAuth provider should echo this value back as a parameter in the redirect. This must match the original value. See GitHub's docs as an example explanation - https://developer.github.com/v3/oauth/

What's weird is that both the original value in the session and the value sent by the OAuth provider are being reported as null.

Is the session definitely the same when processing the callback? Can you confirm that the redirect to the OAuth provider contains state as a parameter? You could also put a breakpoint in OAuth2AuthenticationEntryPoint.commence(). Can you confirm whether the callback from the OAuth provider contains state as a parameter?

Are you trying to open /internal link directly in your web browser? That won't work, it is only designed to be called back to from the OAuth provider. If that's what you're doing, then the library is working as designed.

Thanks
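The state round-trip pwheel describes (generate an unguessable value, store it in the session, require the provider to echo it back, compare on the callback) is the standard CSRF defence for the authorization-code flow. The following is an added, stand-alone illustration written for this thread; it is not code from spring-security-oauth2-client. A `Map` stands in for `HttpSession`, the attribute name `oauth2.state` is an assumption, and the endpoint, client id and redirect URI are taken from the configuration posted above. It also shows why the "null was not equal to null" message arises: the callback URL is hit in a session that never went through the entry point, so nothing was stored and nothing was received.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Illustrative OAuth2 "state" handling (added example, not the library's code).
 * The Map-based session is a stand-in for HttpSession; in a real filter you
 * would read and write request.getSession() instead (assumption).
 */
public class OAuth2StateExample {

    // Session attribute name is an assumption for this example.
    private static final String STATE_ATTR = "oauth2.state";
    private static final SecureRandom RNG = new SecureRandom();

    /** Step 1 (entry point): create an unguessable state and keep it in the session. */
    static String createAndStoreState(Map<String, Object> session) {
        byte[] buf = new byte[24];                  // 192 bits of CSPRNG output
        RNG.nextBytes(buf);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
        session.put(STATE_ATTR, state);
        return state;
    }

    /** Builds the redirect to the provider's authorisation endpoint, carrying the state. */
    static String buildAuthorizeRedirect(String authorizeUri, String clientId,
                                         String redirectUri, String state) {
        return authorizeUri
            + "?response_type=code"
            + "&client_id=" + url(clientId)
            + "&redirect_uri=" + url(redirectUri)
            + "&state=" + url(state);
    }

    /**
     * Step 2 (callback filter): compare the echoed state with the stored one.
     * Returns null when the check passes, otherwise a diagnostic string.
     * The two "missing" cases are reported separately: a missing stored value
     * means this session never went through the entry point (e.g. /internal
     * was opened directly, or the session changed between redirect and callback).
     */
    static String validateState(Map<String, Object> session, String receivedState) {
        Object stored = session.remove(STATE_ATTR);   // single use: consume on first callback
        if (stored == null) {
            return "no state in session (different session, or callback not preceded by the entry point)";
        }
        if (receivedState == null) {
            return "provider did not echo the state parameter";
        }
        byte[] expected = ((String) stored).getBytes(StandardCharsets.UTF_8);
        byte[] actual = receivedState.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison avoids leaking how much of the value matched.
        if (!MessageDigest.isEqual(expected, actual)) {
            return "state mismatch";
        }
        return null;
    }

    private static String url(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();

        // Normal flow: entry point runs, then the provider calls back in the same session.
        String state = createAndStoreState(session);
        System.out.println(buildAuthorizeRedirect(
            "http://localhost:9999/auth/oauth/authorize", "acme", "http://localhost:9000/", state));
        System.out.println("same session, echoed state -> " + validateState(session, state)); // null = ok

        // The symptom in this issue: the callback URL is opened directly in a fresh session,
        // so neither a stored nor a received state exists.
        Map<String, Object> fresh = new HashMap<>();
        System.out.println("callback opened directly   -> " + validateState(fresh, null));

        // A callback whose state does not match what this session issued is rejected.
        createAndStoreState(session);
        System.out.println("mismatched state           -> " + validateState(session, "some-other-value"));

        // A second callback with the same (already consumed) state is also rejected.
        System.out.println("replayed callback          -> " + validateState(session, state));
    }
}
```

Two points worth keeping when wiring this into a servlet filter: the state must be consumed on first use so a callback cannot be replayed, and the check depends on the callback arriving in the same session that issued the redirect, which is exactly what pwheel asks the reporter to confirm (cookie path, domain and any session fixation protection that rotates the session id are the usual culprits).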

Lalitha04 commented 7 years ago

Hi, I am new to OAuth and OpenID authentication. Now I need to implement it in my application. I want to use your library; can you give me a complete example of how to use your library? I tried using it, but what are the things I need to code in the user facade? Please help.