OIDC login fails due to Authentik sending state QS and node-openid-client failing a check #1134

openbrian · 2024-05-01T19:57:49Z

It's all here. https://forum.getodk.org/t/oidc-issue-when-logging-in/46619

bug: getodk#1134 It's not needed for CSRF protection because code_challenge does this, but the Authentik IDP will return &state= in the query string. This will trigger node-openid-client to fail a check.

This makes the "next" value more trusted. Closes getodk#1134 Closes getodk#1135

openbrian mentioned this issue May 1, 2024

improve: Also pass along a state (nonce) paramater. #1135

Closed

2 tasks

alxndrsn pushed a commit to alxndrsn/odk-central-backend that referenced this issue Dec 4, 2024

oidc: pass "next" path to IdP as "state"

975b509

This makes the "next" value more trusted. Closes getodk#1134 Closes getodk#1135

alxndrsn mentioned this issue Dec 4, 2024

oidc: pass state to IdP in authorization URL #1327

Merged

4 tasks

alxndrsn closed this as completed in #1327 Dec 5, 2024

alxndrsn closed this as completed in 217a111 Dec 5, 2024

matthew-white added this to ODK Central Dec 5, 2024

github-project-automation bot moved this to 🕒 backlog in ODK Central Dec 5, 2024

matthew-white assigned alxndrsn Dec 5, 2024

matthew-white moved this from 🕒 backlog to ✅ done in ODK Central Dec 5, 2024

matthew-white added the bug label Dec 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OIDC login fails due to Authentik sending state QS and node-openid-client failing a check #1134

OIDC login fails due to Authentik sending state QS and node-openid-client failing a check #1134

openbrian commented May 1, 2024

OIDC login fails due to Authentik sending state QS and node-openid-client failing a check #1134

OIDC login fails due to Authentik sending state QS and node-openid-client failing a check #1134

Comments

openbrian commented May 1, 2024