Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[context] Authentication callback with IE

See original GitHub issue

Issue and Steps to Reproduce

When using IE 11 to perform authentication. Once the user has submitted the third-party login form with valid credentials, the browser redirects the user to a /authentication/not-authenticated?message=No matching state found in storage URL. A message is displayed : Authentification Vous n’êtes pas authentifié.

However, the access_token has been successfully retrieved as it is stored in the sessionStorage and added in API calls.

If the user types the requested URL, then the library works as expected.

Versions

oidc-client : 1.5.1
@axa-fr/react-oidc-context : 1.2.0
@axa-fr/react-oidc-context-fetch : 1.2.0
isomorphic-fetch : 2.2.1
es6-promise : 4.2.6

Screenshots

2019-02-28_13h43_36

Expected

The browser should redirect to the URL called before the authentication
A valid access_token should be present in the sessionStorage

Actual

The browser redirect to /authentication/not-authenticated?message=No matching state found in storage and display Vous n’êtes pas authentifié.
A valid access_token is present in the sessionStorage
The browser console display the following error message : OidcClient.processSigninResponse: No matching state found in storage

Additional Details

Workflow

Access to a URL which need authentication

Browser redirects the user to the SSO Login form

User login with valid credentials

Brower redirects to /authentication/callback URL with params

scope

realm

state

access_token (valid access_token)

token_type

expires_in

Browser redirects to /authentication/not-authenticated?message=No matching state found in storage

OIDC configuration

 "oidc": {
    "client_id": "xxxx",
    "redirect_uri": "http://localhost:3000/authentication/callback",
    "response_type": "token",
    "post_logout_redirect_uri": "http://localhost:3000/",
    "scope": "openid profile email",
    "authority": "xxx",
    "silent_redirect_uri": "http://localhost:3000/authentication/silent_callback",
    "automaticSilentRenew": false,
    "loadUserInfo": false,
    "triggerAuthFlow": false
  }

Issue Analytics

State:
Created 5 years ago
Reactions:2
Comments:20 (17 by maintainers)

Top GitHub Comments

1reaction

guillaumechervetaxacommented, Mar 14, 2019

It should be fixed. By the last release. @Sebo100 do you confirm it is working now?

0reactions

RichardHpacommented, Sep 16, 2020

Im still having this issue come up with I am trying to format my app to work on ie11 Has anyone found a solution to this?

Top Results From Across the Web

Force Reauthentication in OIDC - Auth0

Describes how to use the max_age authentication request parameter as a mechanism whereby relying parties can positively confirm that re-authentication has ...

why do callback functions with global execution context have ...

Whenever execution context is created we have three things that are available to us: Global object (window) :Any variable or function in the ......

How to use context.setGroupNotification() function? - Forums - IBM ...

The event object that is passed into the callback function contains only a single property type of value groupNotification. It does not have...

Initialize MSAL.js client apps - Microsoft Entra

Initialize the MSAL 1.x authentication context by instantiating a UserAgentApplication with a configuration object. The minimum required ...

Callback Scripts - Smile CDR Documentation

Callback scripts have the right to examine authentication requests, ... with a particular session (ie. because the launch context is maintained in a ......