noradomi opened a new issue, #9131: URL: https://github.com/apache/apisix/issues/9131
### Description Hi all, I made a demo APISIX integrate with Ory Hydra OAuth2 based on example here: https://apisix.apache.org/blog/2022/07/04/apisix-integrates-with-hydra/, but my deployment is on local K8s using kind. The deployment model can see here: https://imgbox.com/PYyigNhx I setup all things and almost step work normally but I got following error here: ``` 2023/03/21 09:22:52 [error] 52#52: *20090123 [lua] openidc.lua:1100: authenticate(): state from argument: 730502c72b868aa5ffa2c4554abc3c0b does not match state restored from session: nil, client: 127.0.0.1, server: _, request: "GET /callback?code=ory_ac_B69QeiimNPi3Q8-QjQ5M4wGe88UcgV2nnUyNPwpgw2A.IsN5DUkYHn5d1FlzXmB-I3iXPXM9j6AbWfhPq551Umo&scope=openid&state=730502c72b868aa5ffa2c4554abc3c0b HTTP/1.1", host: "127.0.0.1:9080", referrer: "http://example-idp.localhost:3000/"; 2023/03/21 09:22:52 [error] 52#52: *20090123 [lua] openid-connect.lua:359: phase_func(): OIDC authentication failed: state from argument does not match state restored from session, client: 127.0.0.1, server: _, request: "GET /callback?code=ory_ac_B69QeiimNPi3Q8-QjQ5M4wGe88UcgV2nnUyNPwpgw2A.IsN5DUkYHn5d1FlzXmB-I3iXPXM9j6AbWfhPq551Umo&scope=openid&state=730502c72b868aa5ffa2c4554abc3c0b HTTP/1.1", host: "127.0.0.1:9080", referrer: "http://example-idp.localhost:3000/"; ``` APISIX throw this error after I'm done accept access in consent page, and redirect to 127.0.0.1:9080/callback.... and page show 500 Internal Server Error. This is my open-id plugin config to connect with Ory Hydra. ``` { "_meta": { "disable": false }, "bearer_only": false, "client_id": "61fc64f4-ae2e-42d0-99e5-134e2943f935", "client_secret": "some-secret", "discovery": "http://hydra-public.hydra.svc.cluster.local:4444/.well-known/openid-configuration";, "redirect_uri": "http://127.0.0.1:9080/callback";, "scope": "openid", "token_endpoint_auth_method": "client_secret_basic" } ``` I don't know why got this error. Can someone help me with it? ### Environment - APISIX version (run `apisix version`): apisix:3.2.0-debian - Operating system (run `uname -a`): kind cluster - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): etcd:3.5.4-debian-11-r14 - APISIX Dashboard version, if relevant: 3.0.0 - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
