"State" gets encoded and causes "collectInfoFromReq: invalid state received" #309
Comments
I used a custom state too:
@AskYous Thank you for the bug. I will fix later.
@lovemaths good to hear. Do you know any temporary workaround I can use for now? A lot of my users aren't getting authenticated. Can I have the state not have any special characters?
@AskYous Yes, there is a quick fix to it. In lib/aadutils.js, line 107, change
to
@AskYous Before we send the state, we save it in session (or cookie, based on your config). After we receive the state back from Azure AD, we will try to retrieve it from session (or cookie, based on your config). If we don't find the exact state, we throw the error that you saw. It seems something went wrong where the state was saved. (1) What is the config you used for passport-azure-ad? (2) Are you running the app in one server or multiple servers?
Hey @lovemaths, It's run on my localhost server and in a production server. On localhost, it seems to work 100% of the time. On production, it fails most of the time. I even used an incognito tab for the production server and it fails. This is the config file we have:
and I have the following for
I have something that may be causing this issue. Because I don't know a way to set the
@AskYous Not sure why you need different Per your config, We can add some logging to session, see if something is wrong there.
Issue #309 correct uid encoding problem
@AskYous The encoding problem is fixed in the new release.
When I try to authenticate, I received the following error:
authentication failed due to: In collectInfoFromReq: invalid state received in the request
When the user is forwarded to the authorization endpoint, the state I have is this:
CUSTOMdujKnvj%2BJ1ezw5qrAUW6RaHqAUtiU1jxmy_state
When they're forwarded back to the redirectUri, the state is this:
CUSTOMdujKnvj+J1ezw5qrAUW6RaHqAUtiU1jxmy_state
Notice the difference:
Looks like the '+' is being encoded where it wasn't before.
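An added example, not code from passport-azure-ad or from anyone in this thread: a sketch of the save-then-compare state check described in the thread, showing that the two state values quoted in the issue stop matching when one side holds the percent-encoded form and the other the decoded form. The endpoint URLs and all function names are hypothetical.

```javascript
// Added example; names and URLs are assumptions, not the library's API.
const crypto = require('crypto');

// base64url uses only [A-Za-z0-9_-], so the value looks the same
// before and after percent-encoding or form-decoding.
function newState(prefix = 'CUSTOM') {
  return prefix + crypto.randomBytes(24).toString('base64url');
}

// Encode the state exactly once, when the URL is built.
function buildAuthorizeUrl(endpoint, state) {
  const url = new URL(endpoint);
  url.searchParams.set('state', state);
  return url.toString();
}

// Decode the state exactly once, when the callback is parsed.
function stateFromCallback(callbackUrl) {
  return new URL(callbackUrl).searchParams.get('state');
}

// Constant-time comparison of the saved and the returned state.
function stateMatches(saved, returned) {
  const a = Buffer.from(String(saved));
  const b = Buffer.from(String(returned ?? ''));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function demo() {
  const raw = 'CUSTOMdujKnvj+J1ezw5qrAUW6RaHqAUtiU1jxmy_state'; // value from the issue
  const endpoint = 'https://login.example.test/authorize';       // placeholder
  const callback = 'https://app.example.test/callback';          // placeholder
  const sent = new URL(buildAuthorizeUrl(endpoint, raw)).search;
  const returned = stateFromCallback(callback + sent);
  return {
    sent,                                                // '+' travels as %2B
    sameFormOnBothSides: stateMatches(raw, returned),    // raw saved, decoded returned
    encodedFormSaved: stateMatches(encodeURIComponent(raw), returned),
    unencodedPlus: stateFromCallback(callback + '?state=' + raw), // '+' read as space
  };
}

console.log(demo(), newState());
```
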