State_Error in Firefox / Chrome but not Safari #2244
Comments
Please provide a full reproduction. We cannot implement a simple OAuth 2 service in our free time. 😬 If configured correctly, I can assure you that Chrome and Firefox will work properly as well. You can test it through our growing list of built-in providers that use state as a protection check https://next-auth.js.org/configuration/providers You could also check if you don't block cookies in your browser. It might be some settings there, since you claim that Safari works.
@balazsorban44 Hi Balazs, I am going to open source the OAuth service when I have the time. I will then create a simple spike project to demonstrate the issue. Until then: is there an exchange board / server to discuss next-auth related things?
Yes, we have Issues and Discussions 😁. I am not a big fan of authed/obscured places like Discord and Slack for OSS projects like this. Not easily searchable by those who need it the most (newcomers, who may not have even heard of those services, or don't wish to register on yet another platform just to get help). Not to mention that, as maintainers, it is a considerable overhead for us to jump between platforms to manage everything. (We are working on If you have any additional questions/information, please add it here.
@balazsorban44 On my OAuth service, which integrates with the authentication layer of my server-side application "App A", I expose a simple login page where users can log in with their "App A" credentials. Upon authentication the user is presented with the OAuth grant page, where they decide to allow access for the requesting app "External App". Once they accept, I initiate a fetch request to the OAuth service, which then handles the "marriage" between the user account from "App A" and an auth code to be used by "External App" to obtain the access token and refresh token (all done as per RFC 6749).
I saw it, and it's in discussions now, as it didn't propose a change or report a bug. Let's keep this issue focused on a single problem. 🙂
@balazsorban44 yeah, I thought maybe you had something to contribute to this discussion ;)
Description 🐜
The expected state changes while performing the sign-in requests (grant access, issue auth code, use auth code to get access token, ...) which leads to this: http://localhost:3000/api/auth/error?error=OAuthCallback (OAuthCallbackError).
The same code runs fine in Safari though - the state is matched correctly there and the user is successfully created.
How to reproduce ☕️
Screenshots / Logs 📽
state=83a88c0dd8f5ff505b1b72133d844a2142fc54ba8f2dbbe71fb45c6e091753c8
was passed to my OAuth webservice. expectedState changes in Chrome/Firefox but not Safari - the code runs fine there (except for an issue with CORS redirecting).
Environment 🖥
Please run this command in your project's root folder:
Binaries:
Node: 14.16.1 - ~/.nvm/versions/node/v14.16.1/bin/node
Yarn: 1.22.10 - ~/.nvm/versions/node/v14.16.1/bin/yarn
npm: 7.9.0 - ~/.nvm/versions/node/v14.16.1/bin/npm
npmPackages:
next: 10 => 10.0.1
next-auth: ^3.27.0 => 3.27.0
react: ^17.0.1 => 17.0.1
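
A cookie-bound `state` check of the kind this thread is about, as an added example (not next-auth's implementation and not code from this issue). The function names, the `secret` cookie and the `idp.example` URL are assumptions; the `OAuthCallback` error string mirrors the one in the report. It shows why the expected value no longer matches when the callback request does not carry the cookie set at sign-in start.

```javascript
// Added example. Hypothetical names throughout; this is not next-auth's code.
const nodeCrypto = require("node:crypto");

const SERVER_SECRET = nodeCrypto.randomBytes(32); // constructed per-process key

// The state is derived from a per-browser secret that only lives in a cookie.
function stateFor(browserSecret) {
  return nodeCrypto.createHmac("sha256", SERVER_SECRET)
    .update(browserSecret).digest("hex");
}

// Sign-in start: reuse the browser's secret cookie or mint a new one.
function beginSignIn(cookies) {
  const secret = cookies.secret || nodeCrypto.randomBytes(32).toString("hex");
  const state = stateFor(secret);
  return {
    setCookie: { secret },
    state,
    redirect: "https://idp.example/authorize?response_type=code&state=" + state,
  };
}

// Callback: the expected state is recomputed from the cookie on THIS request,
// so a request without the original cookie can never match.
function handleCallback(cookies, query) {
  if (!cookies.secret) {
    return { ok: false, error: "OAuthCallback", reason: "no cookie" };
  }
  const expected = Buffer.from(stateFor(cookies.secret));
  const received = Buffer.from(String(query.state || ""));
  const match = expected.length === received.length &&
    nodeCrypto.timingSafeEqual(expected, received);
  return match
    ? { ok: true }
    : { ok: false, error: "OAuthCallback", reason: "state mismatch" };
}

// Constructed scenarios: same cookie jar, cookie missing, different cookie jar.
function demo() {
  const start = beginSignIn({});
  const query = { code: "constructed-code", state: start.state };
  return {
    sameBrowser: handleCallback(start.setCookie, query),
    cookieMissing: handleCallback({}, query),
    otherJar: handleCallback(beginSignIn({}).setCookie, query),
  };
}

console.log(demo());
```

Logging which cookies arrive on the callback request, next to the received and expected `state`, separates a dropped cookie from a `state` that was altered in transit.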