zorn-v / nextcloud-social-login

GNU Affero General Public License v3.0

The authorization state [state=HA-xxxxxxxxxxx] of this page is either invalid or has already been consumed. #386

Open holzi1005 opened 1 year ago

holzi1005 commented 1 year ago

At some point, we sometimes get this error when a user tries to log in via the Social Login Plugin and OpenID Connect to the Keycloak Server. Before updating Nextcloud from 24 to 25, the login worked without problem. We tried it with Chrome, Edge, and Firefox. The result is the same.

The authorization state [state=HA-xxxxxxxxxxx] of this page is either invalid or has already been consumed.

zorn-v commented 1 year ago

Something with your cookies

kousu commented 1 year ago

I was seeing this with Discord, but I logged out and back into Discord and the error message went away. So yeah, something with your cookies.

kousu commented 1 year ago

I don't have anything useful to add, but more than once a week someone in my org is hitting this. It's intermittent. It seems to be that certain browsers get jammed with an invalid state and can't give it up, so it's something more-than-spurious. I'm walking people through clearing their cookies but that's a lot for some people to work through. I wish I knew how to make it more reliable.

https://github.com/zorn-v/nextcloud-social-login/issues/306 sounds like it might have been the same, but the resolution there was "apache misconfiguration". I wonder what that was. I'm using nginx; is it possible I have some nginx setting set in some way that's annoying php/nextcloud/hybridauth?

https://github.com/hybridauth/hybridauth/issues/1301 sounds like exactly the symptoms I'm seeing, so, yes, "something with your cookies" is maybe the most immediate cause, but "hybridauth is a bit flakey" seems like a more likely explanation to me at the moment.

EDIT: I have a potential fix in https://github.com/zorn-v/nextcloud-social-login/pull/398

kousu commented 1 year ago

A bit of new information: this has happened three times now on account creation. That is, the first time someone logs in, they get this error and aren't able to log in, but in https://nextcloud.example.com/settings/users I can see their new accounts and I get an email notice about the new account.

I'm not sure what that means but it'll help zero in on the reproducing, maybe.

czqrny commented 8 months ago

Any chance of updating the hybridauth dependency?

zorn-v commented 8 months ago

3.11 not released yet
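
An added example, not part of the thread and not hybridauth's or the plugin's code: a Python model of a single-use OAuth `state` value bound to the session cookie, showing three conditions under which a callback is rejected with the error in the title. The function names, the `authorization_state` session key and the cookie values are constructed for illustration.

```python
import hmac
import secrets

ERROR = "authorization state is either invalid or has already been consumed"

class StateError(Exception):
    pass

class SessionStore:
    """Server-side sessions keyed by session cookie value (constructed model)."""
    def __init__(self):
        self._sessions = {}

    def get(self, cookie):
        # An unknown or missing cookie yields a fresh, empty session.
        return self._sessions.setdefault(cookie, {})

def begin_login(store, cookie):
    """Step 1: mint a one-time state, bind it to this session, send it to the IdP."""
    state = "HA-" + secrets.token_hex(16)
    store.get(cookie)["authorization_state"] = state
    return state

def finish_login(store, cookie, returned_state):
    """Step 2 (callback): state must match this session's stored value."""
    session = store.get(cookie)
    # The stored value is removed by any callback attempt, so it is single-use.
    expected = session.pop("authorization_state", None)
    got = (returned_state or "").encode()
    if expected is None or not hmac.compare_digest(expected.encode(), got):
        raise StateError(ERROR)
    return True

def outcome(store, cookie, returned_state):
    try:
        finish_login(store, cookie, returned_state)
        return "ok"
    except StateError:
        return "rejected"

def demo():
    store, results = SessionStore(), {}
    s = begin_login(store, "cookie-A")
    results["first_callback"] = outcome(store, "cookie-A", s)
    results["same_callback_again"] = outcome(store, "cookie-A", s)  # consumed
    s = begin_login(store, "cookie-A")
    results["cookie_not_sent"] = outcome(store, "cookie-B", s)      # other session
    s_old = begin_login(store, "cookie-A")
    begin_login(store, "cookie-A")                                  # overwrites s_old
    results["stale_state"] = outcome(store, "cookie-A", s_old)
    return results
```

In this model the check fails whenever the callback arrives without the session that started the login, or arrives a second time, which is why clearing cookies and starting a fresh login makes the message go away.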