State not valid (expected: null, received: .....) #1483

Open
bernhard-braeu opened this issue Nov 13, 2024 · 4 comments

Comments

@bernhard-braeu

Issue and Steps to Reproduce

After updating to the latest version I got the following error:
Error: State not valid (expected: null, received: QfoT4KWMKBO2kqG2)

When I reload the app, it works as intended.

Versions

7.22.32

Screenshots

(screenshot attached in the original issue; not reproduced here)
@guillaume-chervet
Contributor

Hi @bernhard-braeu, do you have a sample of your configuration, and how do you trigger the login? Do you also have the full URL of your authentication page? The state should be there as a query string.

@erenasigli

erenasigli commented Nov 20, 2024

Hello there!

I am facing the same issue, so I didn't think it necessary to open a new issue.
The error occurs when I log in from the anothercoolapp.domain.net address. It works for the first domain, but the second domain throws this error. Also, when a user logs in from the second domain, it redirects to the first domain's redirect address. It is probably the wrong approach for using the same app with two domains.

IdentityServer configuration:

```csharp
// One entry of the IdentityServer Clients collection (uses the Client/Secret/GrantType
// types from the IdentityServer models namespace).
new Client()
{
    ClientId = "coolapp-webui",
    ClientName = "coolapp UI",
    AllowedGrantTypes = { GrantType.AuthorizationCode, GrantType.ResourceOwnerPassword },
    AllowedScopes = { "openid", "profile", "coolapp" },
    ClientUri = "https://coolapp.domain.net",
    // Both origins are registered as valid callbacks.
    RedirectUris = { "https://coolapp.domain.net/authentication/callback", "https://anothercoolapp.domain.net/authentication/callback" },
    PostLogoutRedirectUris = { "https://coolapp.domain.net/signout-callback-oidc", "https://anothercoolapp.domain.net/signout-callback-oidc" },
    AllowedCorsOrigins = { "https://coolapp.domain.net", "https://anothercoolapp.domain.net" },
    LogoUri = "https://img.server.net:5022/img/products/logo-coooolapp.png",
    RequirePkce = false,          // PKCE is not enforced for this browser client
    RequireClientSecret = false,
    AccessTokenLifetime = 2678400, // seconds
    UserSsoLifetime = 2678400,     // seconds
    ClientSecrets = { new Secret("gazoz".Sha256()) },
    AllowOfflineAccess = true,
    Description = "coolapp",
    Properties = PropertiesService.GetProperties()
},
```

Client configuration (production):

```javascript
import { TokenRenewMode } from '@axa-fr/react-oidc';

const prod = {
    client_id: 'coolapp-webui',
    // Fixed to the first domain, whichever origin the login starts from.
    redirect_uri: 'https://coolapp.domain.net/authentication/callback',
    silent_redirect_uri: 'https://coolapp.domain.net/authentication/silent-callback',
    // silent_login_uri: window.location.origin + '/authentication/silent-login',
    scope: 'openid profile coolapp',
    authority: 'https://authority.server.net:5022',
    // authority_time_cache_wellknowurl_in_second: 60 * 60,
    refresh_time_before_tokens_expiration_in_second: 40,
    service_worker_relative_url: '/OidcServiceWorker.js',
    service_worker_only: false,
    // storage: localStorage,
    // silent_login_timeout: 3333000,
    // monitor_session: true,
    token_renew_mode: TokenRenewMode.access_token_invalid,
    demonstrating_proof_of_possession: false
};
```

thank you @guillaume-chervet

@guillaume-chervet
Contributor

Hi @erenasigli, I am not sure I understand your case.
Do you have a video or something that can help me understand your problem?

@bernhard-braeu
Author

My OidcConfiguration:

```typescript
import { OidcConfiguration, TokenRenewMode } from '@axa-fr/react-oidc';

export const configurationIdentityServer: OidcConfiguration = {
    client_id: import.meta.env.VITE_APP_OIDC_CLIENT_ID!,
    // Callback URLs follow the origin the app is served from.
    redirect_uri: `${window.location.origin}/authentication/callback`,
    silent_redirect_uri: `${window.location.origin}/authentication/silent-callback`, // Optional: activates silent sign-in, which uses cookies between the OIDC server and the client JavaScript to restore the session
    authority_time_cache_wellknowurl_in_second: 60 * 60,
    refresh_time_before_tokens_expiration_in_second: 40,
    scope: 'openid profile email',
    authority: import.meta.env.VITE_APP_OIDC_AUTHORITY,
    service_worker_relative_url: '/OidcServiceWorker.js',
    service_worker_only: true,
    token_renew_mode: TokenRenewMode.access_token_or_id_token_invalid
};
```

I'm using withOidcSecure to secure my routes:

```tsx
import { Routes, Route, Navigate } from 'react-router-dom';
import { withOidcSecure } from '@axa-fr/react-oidc';
// Frame, Home and Permissions are the application's own page components.

export const AppRoutes = () => {
    return (
        <Routes>
            {/* Every route below requires an authenticated OIDC session. */}
            <Route Component={withOidcSecure(Frame)} path="/">
                <Route element={<Navigate to="home" />} path={''} />
                <Route Component={withOidcSecure(Home)} path="home" />
                <Route Component={withOidcSecure(Permissions)} path="permissions" />
            </Route>
        </Routes>
    );
};
```
