bug: authenticate(): request to the redirect_uri path but there's no session state found #3200

Closed
tangjun2012 opened this issue Jan 6, 2021 · 3 comments

@tangjun2012

Issue description

"plugins": {
    "openid-connect": {
        "client_id": "aaaaaaa",
        "client_secret": "bbbbbbb",
        "discovery": "https://ccccc/.well-known/openid-configuration",
        "redirect_uri": "https://ddd.com/callback"
    }
}
I had the same problem as bug

When the page enters redirect_uri

2021/01/06 10:28:17 [error] 63#63: *13976465 [lua] openidc.lua:1378: authenticate(): request to the redirect_uri path but there's no session state found, client: 10.51.71.140, server: , request: "GET /callback?code=jcovfcyh2x2fuxaxqxdf25bsu&state=e0d730e54a012e6d008ec0635477ba28 HTTP/1.1"
2021/01/06 10:28:17 [error] 63#63: *13976465 [lua] openid-connect.lua:300: phase_fun(): OIDC authentication failed: request to the redirect_uri path but there's no session state found type: table, client: 10.51.71.140, server: , request: "GET /callback?code=jcovfcyh2x2fuxaxqxdf25bsu&state=e0d730e54a012e6d008ec0635477ba28 HTTP/1.1"

https://github.com/zmartzone/lua-resty-openidc/blob/v1.7.2/lib/resty/openidc.lua Line 1361
local session, session_error = r_session.start(session_opts)

https://github.com/bungle/lua-resty-session/blob/v2.24/lib/resty/session.lua Line 320
return self, present

session_error receives the value of present, session is not initialized present

Environment

  • apisix version (cmd: apisix version):
  • OS: (cmd: uname -a)
  • OpenResty / Nginx version: (cmd: nginx -V or openresty -V)

Minimal test code / Steps to reproduce the issue

What's the actual result? (including assertion message & call stack if applicable)

What's the expected result?

@tangjun2012 tangjun2012 changed the title bug: bug: authenticate(): request to the redirect_uri path but there's no session state found Jan 6, 2021
@spacewander
Member

Normally, it is because of two cases:

  1. the client sent the wrong Cookie
  2. a wrong uri is configured as redirect_uri (as the issue you mentioned)

You need to debug it at your side.

@spacewander
Member

Closed as lack of response.

@trueg

trueg commented Apr 15, 2024

For anyone struggling with this problem like I was after an entire day wasted:

There is an undocumented configuration field "session.secret". As soon as I set this to a random value the problem went away. See below for an example:

"plugins": {
    "openid-connect": {
      "bearer_only": false,
      "client_id": "whatever",
      "client_secret": "whatever-else",
      "discovery": "http://i.am.the.keycloak/auth/realms/myrealm/.well-known/openid-configuration",
      "realm": "myrealm",
      "session": {
        "secret": "MjMzZDFlYzAtN2Y3OC00M2MyLTg1OGYtZTk1NGVkZDEyZjZhCg=="
      }
    }
  }

You can generate the secret string however you like, I used uuidgen|base64.
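
An added illustration, not part of the comment above and not code from APISIX, lua-resty-openidc or lua-resty-session: a simplified model of why a fixed session.secret can make this error go away. It assumes that, with no secret configured, each worker process signs the session cookie with its own randomly generated key; the Worker class, the cookie format and the state value are hypothetical.

```python
import hashlib
import hmac
import secrets


class Worker:
    """Simplified model of one gateway worker process (hypothetical, not APISIX code)."""

    def __init__(self, configured_secret=None):
        # Assumption: with no configured secret, each worker invents its own at startup.
        self.secret = (configured_secret or secrets.token_urlsafe(32)).encode()

    def _mac(self, payload: bytes) -> bytes:
        return hmac.new(self.secret, payload, hashlib.sha256).hexdigest().encode()

    def start_login(self, state: str) -> str:
        """Return the session cookie set before redirecting to the identity provider."""
        return f"{state}.{self._mac(state.encode()).decode()}"

    def handle_callback(self, cookie: str, state_param: str):
        """Return the session state, or None when the cookie cannot be trusted."""
        state, _, mac = cookie.rpartition(".")
        if not hmac.compare_digest(mac.encode(), self._mac(state.encode())):
            return None  # cookie signed with another key: "no session state found"
        if not hmac.compare_digest(state.encode(), state_param.encode()):
            return None  # state in the callback URL does not match the session
        return state


def login_round_trip(workers, state="constructed-state-value"):
    """Start the login on the first worker and finish the callback on the last."""
    cookie = workers[0].start_login(state)
    return workers[-1].handle_callback(cookie, state)


def demo():
    shared = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    return {
        "same_worker": login_round_trip([Worker()]),
        "random_per_worker": login_round_trip([Worker(), Worker()]),
        "shared_secret": login_round_trip([Worker(shared), Worker(shared)]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result or 'no session state found'}")
```

The same model covers the "wrong Cookie" case from the earlier reply: a cookie that was altered or issued by a different deployment fails the MAC check in exactly the same way.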
