Hi all,

I've tried to get this set up. Unfortunately it seems Okta insists (even with
Single Page App (SPA)) on having a state field in the POST even if (when using
SPA) it's not actually used. The guacamole client just goes into a redirect
loop with an "invalid state" error visible in the URL.

With SPA the state parameter can even be some random letters, but must be
there. Using OIDCDebugger.com gleans this:

error=invalid_request
error_description=The authentication request has an invalid 'state' parameter.

Yet by adding a bunch of x's to the state parameter,

I get a much more positive response:
state=xxxxxxxxxxxxx
id_token=eyJraWQiOiI0NlpNbjlZZG5HQ1AxMGhDUWs5VWtvc2ljUmltTUR
JRDBBbVh1dWhHUUhrIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHUxMDAx
NnVwUzhFaENuMjJwNyIsInZlciI6MSwiaXNzIjoiaHR0cHM6Ly9hdG9zbXBj
YXdzLm9rdGEuY29tIiwiYXVkIjoiMG9hMTIzZG8weXNibFN4dUoycDciLCJp
YXQiOjE1MjQ3NTQwOTUsImV4cCI6MTUyNDc1NzY5NSwianRpIjoiSUQuRmZGYzFpZlA2VG

Did anyone successfully use Okta with OIDC in Guacamole? If not, I'd kindly
ask that state be added as an optional parameter to the guac
properties file.

https://developer.okta.com/docs/api/resources/oidc#authorize

Thanks in advance.

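An added example, not part of the original post and not Guacamole's own code: an implicit-flow authorization request that always carries a per-login random state (and nonce), plus the check on the redirect fragment that the returned state matches the one issued, which is what ties the response to the login that started it. The endpoint, client ID, redirect URI and function names are constructed placeholders.

```javascript
const nodeCrypto = require('crypto');

// Constructed placeholder values, not taken from the post.
const SAMPLE_CONFIG = {
  authorizationEndpoint: 'https://idp.example.com/oauth2/v1/authorize',
  clientId: 'EXAMPLE_CLIENT_ID',
  redirectUri: 'https://guac.example.com/guacamole/',
  scope: 'openid profile',
};

// Build an implicit-flow authorization request with a fresh state and nonce.
// The caller stores both values in the user's session before redirecting.
function buildAuthorizeRequest(config) {
  const state = nodeCrypto.randomBytes(16).toString('hex');
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const url = new URL(config.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'id_token',
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    scope: config.scope,
    state,
    nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Parse the fragment appended to redirect_uri and accept the response only
// if it echoes the state that was issued for this session.
function checkCallback(fragment, expectedState) {
  const params = new URLSearchParams(fragment.replace(/^#/, ''));
  if (params.has('error')) {
    return { ok: false, reason: params.get('error') };
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  // timingSafeEqual requires equal lengths, so compare lengths first.
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (!params.get('id_token')) {
    return { ok: false, reason: 'missing_id_token' };
  }
  // Token signature, issuer, audience and nonce validation are not shown here.
  return { ok: true, idToken: params.get('id_token') };
}
```

A fixed filler value such as a run of x's satisfies the identity provider's presence check but fails the comparison in checkCallback unless it is the value issued for that session.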