-
-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What does "state mismatch" mean? And what causes it? #49
Comments
There may be a further clue. I also get an error back from the RESTful API, as follows. this is slightly different but might be closer to the origin of the issue.
|
Attached is an example which replicates this: attempting to /api/auth does redirect, but on return you get the state mismatch error. |
First things first, you can read about the state parameter and why when it mismatches an error should be thrown in the specification. The library pushes a state and nonce into the requests whenever appropriate and relies on the session storage to persist them between the request and callback. The reason why a mismatch happens is because on the callback pass the session data is missing, hence a received state does not match provided state (since its not loaded from the session). Reason for that is that you explicitly set cookie option to |
I'm struggling to get this component to work, using it with
passport
andexpress
. Basically, I'm getting a backtrace from deep in the innards of the system, and I can't find how to pin down the issue.It's likely it's something interacting with
passport
, but I've had to piece it together as there isn't a example for eitherexpress
orpassport
, and I'm not sure what I'm doing. I only got this far with luck because authentication was running a redirect loop as well.Any help or guidance would be very welcome.
Backtrace is as follows:
The text was updated successfully, but these errors were encountered: