Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Duplicate
-
1.0.0
-
None
-
None
-
ubuntu 16.04
-
Patch, Important
Description
i've tried to get this setup. Unfortunately it seems Okta insist (even with Single Page App (SPA)) to have state field in the POST even if (when using SPA) it's not actually used. The guacamole client just goes in a redirect loop with error in URL visible of "invalid state".
With SPA the state parameter can even be some random letters, but must be there. Using OIDCDebugger.com gleans this:{quote}
error=invalid_state
error_description=The authentication request has an invalid state parameter.
Attachments
Issue Links
- duplicates
-
GUACAMOLE-560 Include "state" parameter in OpenID Connect authorization request
- Open