Unable to determine state after update to php 7.4 #157

Closed
IljaN opened this issue May 17, 2021 · 6 comments

@IljaN
Member

IljaN commented May 17, 2021

After upgrading to php 7.4 some users are experiencing the following error on login. After removing the oauth query params from the url in the address-bar of the browser and pressing enter the user is successfully logged-in.

{
  "reqId": "ws0m2ysLSH7ENNkzDf5e",
  "level": 3,
  "time": "2021-05-11T05:40:50+02:00",
  "remoteAddr": "53.136.144.91",
  "user": "--",
  "app": "OpenID",
  "method": "GET",
  "url": "/apps/openidconnect/redirect?code=zi3rC6x4aBlKF-9HzPSl9fSKtyWTp2eWEMcAAADL&state=ca1fab3a9cae0a5c6d271648d241bf30",
  "message": "Exception: {"Exception":"Jumbojett\OpenIDConnectClientException","Message":"Unable to determine state","Code":0,"Trace":"
#0 /srv/www/vhosts/owncloud/apps/openidconnect/lib/Client.php(164): Jumbojett\OpenIDConnectClient->authenticate()
#1 /srv/www/vhosts/owncloud/apps/openidconnect/lib/Controller/LoginFlowController.php(124): OCA\OpenIdConnect\Client->authenticate()
#2 /srv/www/vhosts/owncloud/lib/private/AppFramework/Http/Dispatcher.php(153): OCA\OpenIdConnect\Controller\LoginFlowController->login(*** sensitive parameters replaced ***)
#3 /srv/www/vhosts/owncloud/lib/private/AppFramework/Http/Dispatcher.php(85): OC\AppFramework\Http\Dispatcher->executeController()
#4 /srv/www/vhosts/owncloud/lib/private/AppFramework/App.php(100): OC\AppFramework\Http\Dispatcher->dispatch()
#5 /srv/www/vhosts/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(47): OC\AppFramework\App::main()
#6 /srv/www/vhosts/owncloud/lib/private/Route/Router.php(341): OC\AppFramework\Routing\RouteActionHandler->__invoke()
#7 /srv/www/vhosts/owncloud/lib/base.php(915): OC\Route\Router->match()
#8 /srv/www/vhosts/owncloud/index.php(54): OC::handleRequest()
#9 {main}","File":"/srv/www/vhosts/owncloud/apps/openidconnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php","Line":312}"
}
@DeepDiver1975
Member

Same site cookie issue. Long known.
Please have a look at config.php to change the cookie setting

@IljaN
Member Author

IljaN commented May 17, 2021

https://github.com/owncloud/core/blob/d1f0c43d61a2583fdf0f457bb07ea49de100d89a/config/config.sample.php#L273

@mmattel
Contributor

mmattel commented May 17, 2021

Is there something where we can improve the docs based on content in the logs making the issue more identifiable?
Like: If you see this do...

@DeepDiver1975
Member

Afaik we have this already covered ... But people don't read ..... 🙈

@IljaN
Member Author

IljaN commented May 17, 2021

This issue happened on an upgrade from php 7.2 to 7.4 so not sure how we handle that docs wise.

@jerrac

jerrac commented Jun 6, 2021

> Afaik we have this already covered ... But people don't read ..... 🙈

I did not find any mention of needing to change the http.cookie.samesite setting to None here: https://doc.owncloud.com/server/10.7/admin_manual/configuration/user/oidc/ or here: https://doc.owncloud.com/server/10.7/admin_manual/configuration/server/config_apps_sample_php_parameters.html#app-openid-connect-oidc or in this repo's readme.

It took weeks of off and on searching before I stumbled across this issue.

If I missed something in all that, it certainly was not due to a lack of effort on my part. I even just did a CTRL-F search on each of those pages for the word "cookie", just to make sure, and found nothing.

So I'd suggest documenting the cookie setting change in all three places I mentioned.

Either that, or add a reference to whatever location it actually is mentioned to the openid docs.

Um, just in case, I did see the comment in the example config file @IljaN so kindly linked. That doesn't count as documenting it. I would never think to look for docs for a plugin/app/module in the core application's example config. It just doesn't make sense to look there. At least to me...
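Added example (not part of this thread and not ownCloud's code): a small log triage script that picks out the failure signature quoted in the issue, so an operator can tie "Unable to determine state" on the OIDC callback to the cookie setting discussed above. It assumes the server log holds one JSON object per line with the fields shown in the report; the function names, the hint text and the sample lines are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

SIGNATURE = "Unable to determine state"          # exception text from the log in this issue
CALLBACK_PATH = "/apps/openidconnect/redirect"   # callback path from the same log entry
HINT = "check http.cookie.samesite in config.php"

def find_state_failures(lines):
    """Return matching entries with the query string (code, state) dropped."""
    hits = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # skip blank or truncated lines
        if not isinstance(entry, dict):
            continue
        path = urlsplit(str(entry.get("url", ""))).path
        if (entry.get("app") == "OpenID" and path == CALLBACK_PATH
                and SIGNATURE in str(entry.get("message", ""))):
            hits.append({"time": entry.get("time"), "reqId": entry.get("reqId"),
                         "remoteAddr": entry.get("remoteAddr"), "path": path})
    return hits

def summarize(lines):
    """Count matching failures per client address and attach the config hint."""
    hits = find_state_failures(lines)
    return {"count": len(hits),
            "by_addr": dict(Counter(h["remoteAddr"] for h in hits)),
            "hint": HINT if hits else None}

def _sample(req_id, addr, app, url, message):
    return json.dumps({"reqId": req_id, "level": 3, "time": "2021-05-11T05:40:50+02:00",
                       "remoteAddr": addr, "user": "--", "app": app,
                       "method": "GET", "url": url, "message": message})

# Constructed log lines (not from a real server); addresses are documentation ranges.
SAMPLE_LINES = [
    _sample("a1", "192.0.2.10", "OpenID", CALLBACK_PATH + "?code=EXAMPLE&state=EXAMPLE",
            'Exception: {"Exception":"Jumbojett\\\\OpenIDConnectClientException",'
            '"Message":"Unable to determine state","Code":0}'),
    _sample("a2", "192.0.2.10", "OpenID", CALLBACK_PATH + "?code=EXAMPLE2&state=EXAMPLE2",
            'Exception: {"Message":"Unable to determine state"}'),
    _sample("a3", "198.51.100.7", "core", "/login", "Login failed"),
    _sample("a4", "198.51.100.7", "OpenID", CALLBACK_PATH + "?code=X&state=Y", "other error"),
    '{"reqId": "truncated',
]

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LINES), indent=2))
```

The report keeps only the URL path, so the authorization code and state value from the callback do not get copied into tickets or dashboards.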
