
"Unable to verify authorization request state" when I hit the auth routes by redirecting from a page, but when I try again by redirecting to the auth route from the page, the auth works successfully #76

Open
NitinKhareH opened this issue Feb 28, 2020 · 2 comments

Comments

@NitinKhareH

We only redirect from the page when we have no user in the session.

```javascript
// Modules this snippet depends on (assumed: an Express router, passport, and a
// `provider` object loaded elsewhere that holds the OIDC settings).
const express = require('express');
const passport = require('passport');
const OidcStrategy = require('passport-openidconnect').Strategy;
const router = express.Router();

// provider contains all the required data (loaded elsewhere, not shown here).
// Note: this middleware calls passport.use() on every request to the auth routes,
// so the strategy is re-created each time.
let oidcSettings = function (req, res, next) {
    passport.use('oidc', new OidcStrategy({
        issuer: provider.settings.issuer,
        authorizationURL: provider.settings.authorizationURL,
        tokenURL: provider.settings.tokenURL,
        userInfoURL: provider.settings.userInfoURL,
        clientID: provider.settings.ClientID,
        clientSecret: provider.settings.clientSecret,
        callbackURL: provider.settings.callbackURL,
        scope: 'openid profile'
    }, (issuer, sub, profile, accessToken, refreshToken, done) => {
        if (!(profile && profile._json && profile._json.email)) {
            return done(null, false);
        }
        req.params.provider = profile.id;
        oidcLogin(req, profile, 'oidc_user', done); // basically either logs into the application or creates a new user
    }));
    next();
};

let oidcProviderReq = function (req, res, next) {
    passport.authenticate('oidc', { scope: 'openid profile' })(req, res, next);
};

let oidcCallback = function (req, res, next) {
    passport.authenticate('oidc', function (err, user, info) {
        // Hand errors (such as "Unable to verify authorization request state")
        // to Express instead of throwing inside the callback, which would crash the process.
        if (err) return next(err);
        console.log(user);
        // No response is sent here in the original snippet.
    })(req, res, next);
};

// Routes are declared after the `let` bindings above; referencing oidcSettings
// before its declaration would throw a ReferenceError (temporal dead zone).
router.get('/auth/openidconnect', oidcSettings, oidcProviderReq);
router.get('/auth/openidconnect/callback', oidcSettings, oidcCallback);
```

@kellerassel007

It might be because of `state` URL parameter encoding. Having the issue that in 10% of the cases the authentication fails because the randomly generated state contains special characters that cause problems with AWS Cognito...

@jasonatepaint

jasonatepaint commented Aug 8, 2024

May be related to this: #114

I have only found this issue with AWS Cognito and the state having a + char in it. Cognito does not encode the + to %2B, which translates to a whitespace inbound to the SessionStore. This ultimately fails because of a state mismatch.
