State parameter is missing in the Error response in the Form Post mode #12693
Comments
16 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue:
According to the OIDCC Specification - 3.1.2.6 Section, if the authorization request includes the state parameter, the error response should contain that state value. But in the Form Post mode, the error response only contains the error and error_description parameters.
How to reproduce:
Send a request to the authorization endpoint with response_mode=form_post, prompt=none and with a state value.
For example:
https://localhost.com:9443/oauth2/authorize?client_id=NBLGP4u0_1nMUfTkweIvvDISyjQa&redirect_uri=https://localhost.emobix.co.uk:8443/test/a/test/callback&scope=openid&state=WCd2wWyXvOOk9CteGQPaMCOwte6hQMGeKzqfLQtGiTPsaRt2MMv0SBBhnsuLpJfo1hT2aiPg5VjeI2qCT00jpX1Dg26XEAZiCxq32WqbzuR4PuSvhq9MukGC0KxJjH4r&nonce=vo46KcYXSv&response_type=code&response_mode=form_post&prompt=noneA POST error response would be received with the response parameters in the form data as follows.
Expected behavior:
Since a state value is included in the request, the response parameters should have a state parameter.
Environment information :
The text was updated successfully, but these errors were encountered: