yzhaowei commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-1102187049

   I had the same issue even though I followed the solution given above, which uses
a "vanity" URL like '/redirect'. I also followed the tutorial in [APISIX blog
with Authing](https://apisix.apache.org/zh/blog/2022/01/04/authing); it failed
too.
   
   Some facts:
   
   - The `redirect_uri` in the `openid-connect` plugin configuration must be
one of the callbacks in the IdP, e.g. Authing.cn.
   - The login was successful. There is a successful record in the website of 
Authing.cn under '用户行为日志'.
   - My browser shows something like 
`http://localhost:9080/redirect?code=<code>&state=<state>`.
   
   It seems APISIX did not redirect to the redirect_uri. I also tried
`redirect_uri: http://localhost:9080/` and that failed too.
   
   ```
   # a successful login but fails to redirect to /image/png
   curl -X PUT \
     http://127.0.0.1:9080/apisix/admin/routes/2 \
     -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \
     -d '{
         "uri": "/image/*",
         "upstream_id": "1",
         "plugins": {
             "openid-connect": {
               "client_id": "<client id>",
               "client_secret": "<client secret>",
               "discovery": "<.../.well-known/openid-configuration>",
               "bearer_only": false,
               "scope": "openid profile",
               "redirect_uri": "http://localhost:9080/redirect"
             }
         }
     }' 
   
   ```
   
   Here is the response after a successful user login using OIDC. Obviously,
it was caused by accessing `/redirect`.
   ```
   {"error_msg":"404 Route Not Found"}
   ```
   
   Here is the log information from `error.log` and `access.log`.
   ```
   # error.log
   2022/04/19 06:49:58 [error] 47#47: *480883 [lua] openidc.lua:1378: authenticate(): request to the redirect_uri path but there's no session state found, client: 172.18.0.1, server: _, request: "GET /image/png HTTP/1.1", host: "localhost:9080"
   2022/04/19 06:49:58 [error] 47#47: *480883 [lua] openid-connect.lua:304: phase_func(): OIDC authentication failed: request to the redirect_uri path but there's no session state found, client: 172.18.0.1, server: _, request: "GET /image/png HTTP/1.1", host: "localhost:9080"
   2022/04/19 06:49:58 [warn] 47#47: *480883 [lua] plugin.lua:750: run_plugin(): openid-connect exits with http status code 500, client: 172.18.0.1, server: _, request: "GET /image/png HTTP/1.1", host: "localhost:9080"
   ```
   
   ```
   # access.log
   172.18.0.1 - - [19/Apr/2022:06:53:03 +0000] localhost:9080 "GET /image/png HTTP/1.1" 302 142 0.000 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0" - - - "http://localhost:9080"
   172.18.0.1 - - [19/Apr/2022:06:53:13 +0000] localhost:9080 "GET /redirect?code=<code>&state=<state> HTTP/1.1" 404 47 0.000 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0" - - - "http://localhost:9080"
   ```
   
   Environment (Docker images):
   - apache/apisix:2.13.1-alpine
   - apache/apisix-dashboard:2.10.1-alpine
   - bitnami/etcd:3.4.15
   - prom/prometheus:v2.25.0
   - grafana/grafana:7.3.7
   
   @starsz, did you test the tutorial using Authing? Is there any further
solution? Thanks.
   
   
   


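A configuration check for the symptom reported above, where the callback to `/redirect` returns `404 Route Not Found` because no route matches it. This is an added example, not part of the original comment or of the APISIX code base: it flags `openid-connect` routes whose `redirect_uri` path is not matched by the route's own `uri`, so the callback never reaches the plugin. Assumptions: `uri_matches` is a simplified stand-in for APISIX route matching (exact or trailing-`*` prefix only, ignoring host, method and priority), all function names are hypothetical, and route 3 is constructed.

```python
from urllib.parse import urlsplit

def uri_matches(pattern, path):
    # Simplified APISIX `uri` matching (assumption): exact, or prefix when the pattern ends in '*'.
    return path.startswith(pattern[:-1]) if pattern.endswith("*") else path == pattern

def route_uris(route):
    # A route may carry a single `uri` or a list of `uris`.
    return list(route.get("uris") or []) + ([route["uri"]] if "uri" in route else [])

def check_redirect_uris(routes):
    """Flag openid-connect routes whose redirect_uri callback never reaches the plugin."""
    findings = []
    for route in routes:
        oidc = route.get("plugins", {}).get("openid-connect")
        if not oidc or "redirect_uri" not in oidc:
            continue
        path = urlsplit(oidc["redirect_uri"]).path or "/"
        if any(uri_matches(p, path) for p in route_uris(route)):
            continue  # the callback lands on the route that started the login
        # An empty list means no route matches at all: "404 Route Not Found".
        served_by = [r.get("id") for r in routes
                     if r is not route and any(uri_matches(p, path) for p in route_uris(r))]
        findings.append({"route": route.get("id"), "callback_path": path, "served_by": served_by})
    return findings

# Route 2 mirrors the configuration in the comment; route 3 is constructed for contrast.
SAMPLE_ROUTES = [
    {"id": "2", "uri": "/image/*", "upstream_id": "1", "plugins": {"openid-connect": {
        "client_id": "<client id>", "client_secret": "<client secret>",
        "discovery": "<.../.well-known/openid-configuration>",
        "bearer_only": False, "scope": "openid profile",
        "redirect_uri": "http://localhost:9080/redirect"}}},
    {"id": "3", "uri": "/docs/*", "upstream_id": "1", "plugins": {"openid-connect": {
        "client_id": "<client id>", "client_secret": "<client secret>",
        "discovery": "<.../.well-known/openid-configuration>",
        "redirect_uri": "http://localhost:9080/docs/redirect"}}},
]

if __name__ == "__main__":
    for f in check_redirect_uris(SAMPLE_ROUTES):
        print(f"route {f['route']}: callback {f['callback_path']} is not matched by its own uri; "
              f"matched by other routes: {f['served_by'] or 'none (404)'}")
```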