[ https://issues.apache.org/jira/browse/GUACAMOLE-560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman reassigned GUACAMOLE-560: --------------------------------------- Assignee: Nick Couchman > Include "state" parameter in OpenID Connect authorization request > ----------------------------------------------------------------- > > Key: GUACAMOLE-560 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-560 > Project: Guacamole > Issue Type: Wish > Components: guacamole-auth-openid > Reporter: Dave Smith > Assignee: Nick Couchman > Priority: Trivial > > {quote}i've tried to get this setup. Unfortunately it seems Okta insist (even > with Single Page App (SPA)) to have state field in the POST even if (when > using SPA) it's not actually used. The guacamole client just goes in a > redirect loop with error in URL visible of "invalid state". > > With SPA the state parameter can even be some random letters, but must be > there. Using OIDCDebugger.com gleans this:{quote} > {quote} > error=invalid_request > error_description=The authentication request has an invalid 'state' > parameter. > > yet by adding a bunch of x's to the state parameter.. > > i get a much more positive response: > state=xxxxxxxxxxxxx > id_token=eyJraWQiOiI0NlpNbjlZZG5HQ1AxMGhDUWs5VWtvc2ljUmltTURJRDBBbVh1dWhHUUhrIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHUxMDAxNnVwUzhFaENuMjJwNyIsInZlciI6MSwiaXNzIjoiaHR0cHM6Ly9hdG9zbXBjYXdzLm9rdGEuY29tIiwiYXVkIjoiMG9hMTIzZG8weXNibFN4dUoycDciLCJpYXQiOjE1MjQ3NTQwOTUsImV4cCI6MTUyNDc1NzY5NSwianRpIjoiSUQuRmZGYzFpZlA2VG > > I'd kindly ask that state could be added as an optional parameter to the guac > properties file.{quote} -- This message was sent by Atlassian Jira (v8.3.4#803005)