Documentation on how to enable `state` parameter

Hi Team,

We’re trying to determine if the state OAuth2 parameter can be auto-generated and verified by this library, or if this is something that the client should implement on their own. Do you have any clarifying documentation on it?

Thank you

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
pamapa commented, Mar 22, 2022

Hmmm, when I call `auth.signinRedirect()` here I get:

https://<server url>?client_id=<client id>&redirect_uri=<encoded redirect url>&response_type=code&scope=openid&state=<the state>&code_challenge=<code challenge>&code_challenge_method=S256&response_mode=query
...
https://<redirect url>?code=<code>&state=<same state as above>
...

The state is something like c990e16feb674bf19a3932919394bbe4.

As the auth process will ping/pong, the application will be run multiple times in the same browser tab. To see anything, you need to enable “Preserve log” in the network tab of the browser DevTools…

If you still have issues, please provide logs of the network tab and of oidc-client-ts by enabling logging via `Log.setLogger(console); Log.setLevel(Log.DEBUG);` plus “Preserve log” in the browser console tab of the DevTools.

0 reactions
dinvlad commented, Mar 22, 2022

@pamapa thanks again - I think the confusion on our side was because the state property on the user object is different, as you mentioned. We do see state request param passed in both of the URLs, however, so all is good!
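
The state round trip visible in the two URLs above, sketched as an added example that is not part of the original thread and is not oidc-client-ts source code. The function names, the in-memory `pending` map standing in for browser storage, the 10 minute lifetime and the `idp.example` / `app.example` URLs are all assumptions; PKCE (`code_challenge`) is left out to keep the focus on `state`.

```javascript
// Added illustration of generating and verifying an OAuth2 `state` value.
// Hypothetical helper names; this is not how any specific library is implemented.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Stand-in for the storage where a client keeps its pending sign-in requests.
const pending = new Map();

function randomHex(bytes) {
  const buf = webCrypto.getRandomValues(new Uint8Array(bytes));
  return Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Step 1: build the authorization URL and remember the state before redirecting.
function beginSignin(authorizeEndpoint, clientId, redirectUri) {
  const state = randomHex(16); // 32 hex characters, unguessable
  pending.set(state, { redirectUri, createdAt: Date.now() });
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    scope: "openid",
    state,
    response_mode: "query",
  }).toString();
  return { url: url.toString(), state };
}

// Step 2: on the redirect back, accept the code only if the state matches
// a request this client actually started, and only once.
function completeSignin(callbackUrl, maxAgeMs = 10 * 60 * 1000) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get("state");
  const entry = state ? pending.get(state) : undefined;
  if (!entry) throw new Error("state missing or unknown: response does not match a request we sent");
  pending.delete(state); // single use, so a replayed callback is rejected
  if (Date.now() - entry.createdAt > maxAgeMs) throw new Error("state expired");
  const code = params.get("code");
  if (!code) throw new Error("no authorization code in response");
  return { code, redirectUri: entry.redirectUri };
}
```

A callback whose `state` was never issued, or was already consumed, throws before the authorization code is used, which is the check that ties the response to the request in the same browser session.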
