slysiou commented on issue #10149:
URL: https://github.com/apache/apisix/issues/10149#issuecomment-1705477928
When I bypass nginx with ngrok I get:
```
2023/09/04 15:27:20 [info] 882#882: *759912 [lua] init.lua:607: fun_org():
matched route: {...}
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:1471:
authenticate(): Redirect URI path (/callback) is currently navigated ->
Processing authorization response coming from OP
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:560:
openidc_discover(): openidc_discover: URL is:
https://auth.xxx.com/realms/xxx/.well-known/openid-configuration
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:115:
openidc_cache_get(): cache hit: type=discovery
key=https://auth.xxx.com/realms/xxx/.well-known/openid-configuration
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:678:
openidc_get_token_auth_method(): 1 => private_key_jwt
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:72:
supported(): Can't use private_key_jwt without opts.client_rsa_private_key
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:678:
openidc_get_token_auth_method(): 2 => client_secret_basic
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:681:
openidc_get_token_auth_method(): no configuration setting for option so select
the first supported method specified by the OP: client_secret_basic
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:695:
openidc_get_token_auth_method(): token_endpoint_auth_method result set to
client_secret_basic
2023/09/04 15:27:20 [debug] 882#882: *759912 [lua] openidc.lua:1134:
authenticate(): Authentication with OP done -> Calling OP Token Endpoint to
obtain tokens
```
And behind the first NGINX it fails with:
```
2023/09/04 15:26:44 [info] 879#879: *755478 [lua] init.lua:607: fun_org():
matched route: {...}
2023/09/04 15:26:44 [debug] 879#879: *755478 [lua] openidc.lua:1471:
authenticate(): Redirect URI path (/callback) is currently navigated ->
Processing authorization response coming from OP
2023/09/04 15:26:44 [error] 879#879: *755478 [lua] openidc.lua:1475:
authenticate(): request to the redirect_uri path but there's no session state
found, client: 192.168.32.1, server: _, request: "GET
/callback?state=1c779efec465a8501cb6e45bbaa08520&session_state=b5af816d-07b2-465f-b090-13b58b87908a&code=f918c57b-cb6d-4844-9b4d-0a0e9b63cbfa.b5af816d-07b2-465f-b090-13b58b87908a.ab703194-4f67-4d9e-8a26-eff9157dc310
HTTP/1.1", host: "docs.yavantha.com"
2023/09/04 15:26:44 [error] 879#879: *755478 [lua] openid-connect.lua:359:
phase_func(): OIDC authentication failed: request to the redirect_uri path but
there's no session state found, client: 192.168.32.1, server: _, request: "GET
/callback?state=1c779efec465a8501cb6e45bbaa08520&session_state=b5af816d-07b2-465f-b090-13b58b87908a&code=f918c57b-cb6d-4844-9b4d-0a0e9b63cbfa.b5af816d-07b2-465f-b090-13b58b87908a.ab703194-4f67-4d9e-8a26-eff9157dc310
HTTP/1.1", host: "docs.yavantha.com"
2023/09/04 15:26:44 [warn] 879#879: *755478 [lua] plugin.lua:1102:
run_plugin(): openid-connect exits with http status code 500, client:
192.168.32.1, server: _, request: "GET
/callback?state=1c779efec465a8501cb6e45bbaa08520&session_state=b5af816d-07b2-465f-b090-13b58b87908a&code=f918c57b-cb6d-4844-9b4d-0a0e9b63cbfa.b5af816d-07b2-465f-b090-13b58b87908a.ab703194-4f67-4d9e-8a26-eff9157dc310
HTTP/1.1", host: "docs.yavantha.com"
```
The Json in {...} are similar, no typo issue...
After more than 3 days, this drive me mad !
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
