Closed edjiang closed 7 years ago
Thanks @edjiang , we'll get this fixed. No specific reason for the signed cookies, just something we decided to to.
No problem =] Then should be an easy find/replace for req.cookie
to req.signedCookies
in some specific scenarios =]
Seems like we switched to using signed cookies in 3.1.6 for the OAuth State token, but are not decoding them as signed cookies. So the OAuth state doesn't match, and thus gets rejected with
Invalid state token provided
Two questions:
authorization_code
flow.