supabase / auth

A JWT based API for managing users and issuing JWT tokens
https://supabase.com/docs/guides/auth
MIT License

OAuth - State parameter not working #1548

Open C4T4 opened 6 months ago

C4T4 commented 6 months ago

I'm trying to pass a test string in the state parameter via Google login. The state parameter and the value get passed to Google and redirected to Supabase, but Supabase throws an error at this point:

https://xxxx.supabase.co/auth/v1/callback?state=test&code=xxxA&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=none

{"code":400,"error_code":"bad_oauth_state","msg":"OAuth callback with invalid state"}

// I use supabase from @supabase/ssr
import { Auth } from '@supabase/auth-ui-react';

      <Auth
        view={props.view || 'sign_in'}
        supabaseClient={supabase}
        providers={['google']}
        queryParams={{
          state: 'test'
        }}
        redirectTo={`${getURL()}/auth/callback`}
        magicLink={true} />

Google Login/Prompt URL

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=xxxx.apps.googleusercontent.com&redirect_uri=https://xxxx.supabase.co/auth/v1/callback&response_type=code&scope=email profile&state=test&service=lso&o2v=2&theme=mn&ddm=0&flowName=GeneralOAuthFlow

kangmingtay commented 6 months ago

Hey @C4T4, you can't pass a state query parameter because Supabase Auth uses it to store auth-specific state which it reads on the callback.
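
Added illustration, not part of the thread and not Supabase Auth's actual code: a minimal Go model of a server that mints its own signed `state` and checks it on the callback, which is why a caller-supplied value such as `state=test` is rejected. The key, the token layout, the 5-minute lifetime and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var (
	stateKey         = []byte("constructed-demo-key") // hypothetical server secret
	ErrBadOAuthState = errors.New("bad_oauth_state")
)

func sign(payload string) string {
	m := hmac.New(sha256.New, stateKey)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// MintState builds the state the server sends to the provider: payload "." MAC.
func MintState(provider string, now time.Time) string {
	exp := strconv.FormatInt(now.Add(5*time.Minute).Unix(), 10)
	payload := base64.RawURLEncoding.EncodeToString([]byte(provider + "|" + exp))
	return payload + "." + sign(payload)
}

// VerifyState runs on the callback and returns the provider stored in the state.
func VerifyState(state string, now time.Time) (string, error) {
	payload, mac, ok := strings.Cut(state, ".")
	if !ok || !hmac.Equal([]byte(mac), []byte(sign(payload))) {
		return "", ErrBadOAuthState // a caller-chosen "test" is rejected here
	}
	raw, _ := base64.RawURLEncoding.DecodeString(payload) // authenticated above
	provider, exp, _ := strings.Cut(string(raw), "|")
	expiry, err := strconv.ParseInt(exp, 10, 64)
	if err != nil || now.Unix() > expiry {
		return "", ErrBadOAuthState
	}
	return provider, nil
}

func main() {
	_, err := VerifyState("test", time.Now()) // value from the issue's callback URL
	fmt.Println(err)
}
```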

vab1997 commented 3 months ago

Hey @kangmingtay, I have the same issue. I'm running Supabase locally, and when I log in via Google I have the same error. Is there any way to solve the issue?

MilesLitteral commented 3 months ago

@kangmingtay I also have this issue with the Apple provider. I verified everything on my end, and it seems the C# library may have inherited an issue specific to the GoTrue version it's built with? I heard GoTrue version 2.31 doesn't have this problem whereas version 2.30 does. Perhaps a NuGet update would do the trick?

kangmingtay commented 2 months ago

@vab1997 @MilesLitteral are y'all passing in a state query parameter? If you are, why?

MilesLitteral commented 2 months ago

Apple OAuth is not responding with a state even when requested. The error generated is because the Auth fails to get a state response from Apple every single time.

kangmingtay commented 2 months ago

@MilesLitteral can you please open a ticket at https://supabase.help so we can investigate? It might also be worth checking your project's auth logs to see if there are any underlying errors returned.