How to resolve errors like "callbackParams of undefined" and "state mismatch" #386
Replies: 2 comments 3 replies
-
|
As far as I know the library does not hold state regarding the authentication flow. As long as you properly sync request state (e.g. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @svvac for the reply. Actually I'm not sure if it is the case or not, but according to my own spike and debugging, I could reproduce the 2 errors using different openid client instance for the same callback request. Also I had a question on stackoverflow, and some other folk confirmed my case. Can @panva please confirm or clarify? |
Beta Was this translation helpful? Give feedback.
-
|
I can do no such thing without error stacktraces and reproduction repository/steps. |
Beta Was this translation helpful? Give feedback.
-
|
The stated reason in your SO answer sounds wrong to me. You do not need to share an instance between the two steps to make PKCE work. You still need some state sharing mechanism for the checks to work, but this applies whether or not you end up using the same instance or not. Here is a toy implementation that uses two different servers (ports) and single-use |
Beta Was this translation helpful? Give feedback.
-
|
@svvac you are right, I think the problem is with the caller, in my case it is XeroClient, it doesn't initialise the openIdClient for callbacks properly. I have raised a PR for them |
Beta Was this translation helpful? Give feedback.
-
Hi folks (cc @panva @svvac @madarche @sawyerh)
Is that correct to assume that the same
openIdClientinstance should be handling bothopenIdClient.authorizationUrl()andopenIdClient.callbackParams()for a particular authentication request.As I found out, it could be wrong, that if the instance is different between these 2 calls, then "callbackParams of undefined" and "state mismatch" errors could happen, especially in a multi-instance environment.
Beta Was this translation helpful? Give feedback.
All reactions