Open Flowake opened 1 year ago
Hi @Flowake, is this still an issue for you? I had a similar state error and easily fixed it by using environment variables: JWT_COOKIE_SAMESITE: 'Lax' (in the docker compose example it is set to 'Strict') or just don't set the env, the services use 'Lax' by default.
I've completely missed that issue, sorry! I'm currently on holiday and can't investigate your findings, but maybe @rsrg-zwiama's tip already helps you? What I can say so far is that we are using qwc-oidc-auth with Azure AD and we didn't observe this problem.
Thanks for the awesome work with QWC and this implementation of the OIDC authentication protocol.
I'm trying to use this authentication method with an AzureAD OIDC application. It seems to work except that it always raises an error on the first authentication.
Steps to reproduce
Bug
It raises the following error:
Investigation so far
I cloned the repository and changed the docker compose to build the image from the cloned repository. Then I added new logging statements in the callback function, and I dug into authlib to understand what happens.
The issue seems to be that all the data set in the session ("target_url" and "_state_default_XXXXXXXXX") in the login function has disappeared in the callback function that is called after logging in.
In the map viewer, after failing to log in the first time, if I go back to the map viewer and try to log in again, it will succeed, and the session will have two different "_state_default_XXXXXXXXX" keys (the one from the first failed attempt and the one from the successful second attempt).
For the qwc_admin panel, after failing the first time, if I go back to the /qwc_admin/ endpoint it will produce an error "Too many redirects".
If you have any ideas on how to solve this I would happily try them and submit a PR if I get it to work.
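
A simplified model of the browser's SameSite rules, showing how a cookie set before the redirect to the identity provider can be absent when the provider sends the browser back to the callback, which matches the empty-session symptom in the issue and the 'Lax' tip in the comment. This is an added example, not code from qwc-oidc-auth or authlib; the hostnames, session ID and state key are constructed, "site" is approximated by the last two host labels, and the form_post case goes beyond what the thread discusses.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
IDP = "https://idp.example.net/authorize"            # constructed identity provider URL
CALLBACK = "https://maps.example.org/auth/callback"  # constructed application callback URL

def site(url):
    """Approximate a 'site' as scheme + last two host labels.
    Assumption: real browsers consult the Public Suffix List instead."""
    parts = urlsplit(url)
    return parts.scheme, ".".join(parts.hostname.split(".")[-2:])

def cookie_sent(samesite, initiator_url, target_url, method, top_level=True):
    """Would a browser attach a cookie with this SameSite value to the request?"""
    if site(initiator_url) == site(target_url):
        return True                      # same-site request: always attached
    mode = samesite.lower()
    if mode == "none":
        return True                      # real browsers also require Secure
    if mode == "lax":
        # cross-site: only safe-method, top-level navigations carry the cookie
        return top_level and method in SAFE_METHODS
    return False                         # strict: never attached cross-site

def run_flow(samesite, response_mode="query"):
    """Simulate login -> identity provider -> callback and report whether the
    callback can still find the state that login stored in the session."""
    state_key = "_state_default_abc123"  # constructed key, same shape as in the issue
    # login() stored the state server-side, keyed by the session cookie value
    session_store = {"sid-1": {state_key: {"target_url": "/"}}}
    # response_mode=form_post makes the provider return via a cross-site POST
    method = "POST" if response_mode == "form_post" else "GET"
    sent = cookie_sent(samesite, IDP, CALLBACK, method)
    # without the cookie the server cannot find the session and starts a new one
    session = session_store["sid-1"] if sent else {}
    return "ok" if state_key in session else "state missing"

if __name__ == "__main__":
    for samesite in ("Strict", "Lax", "None"):
        for response_mode in ("query", "form_post"):
            print(f"{samesite:6} {response_mode:9} -> {run_flow(samesite, response_mode)}")
```

When comparing against a real deployment, check the `Set-Cookie` attributes of the cookie that actually carries the login state, since that is the one whose SameSite value decides the outcome at the callback.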