Comments (3)
What SameSite-config do you have?
We ran into errors like this after upgrading to Samesite=lax.
Found the reason in this blog post:
https://www.ubisecure.com/technical-announcements/samesite-cookies-changes/
Caution: unless some of the OIDC integrations are using response_mode=form_post
So if Microsoft Azure AD supports other response_modes I would suggest removing response_mode=form_post
.
from omniauth_openid_connect.
Are you using the gem omniauth-rails_csrf_protection, or have you included something like this? It's needed when using omniauth v2. I remember getting some csrf related errors and adding the gem, plus the skip_forgery_protection
, and that seemed to solve them.
Might not be the same though, I'm not using the same provider.
from omniauth_openid_connect.
I had the same issue in development, but it was my fault and super easy to fix: I was using "http://127.0.0.1:3000/..." when accessing my app but the callback had to point to a domain, so I had to use "http://localhost:3000/..." for it. This of course doesn't work, because the cookie that contains the state gets lost when the domain is switched by the redirect happening in the callback. Simply always using "http://localhost:3000/..." fixed the issue for me.
from omniauth_openid_connect.
Related Issues (20)
- Allow relaxing state check for IdP initiated SSO HOT 5
- Automatically set (and send?) redirect_uri HOT 2
- Dynamically Set ACR Values HOT 3
- OneLogin OIDC post_logout_redirect_uri issue HOT 3
- OpenID-provider without `userinfo_endpoint`
- Uninitialized constant json::jws::unknownalgorithm HOT 1
- Pitfalls setting up OIDC with ADFS HOT 2
- Why should the logout path be relative to request_path
- Possible bug when upgrading to 0.7.0 and openid_connect to 2.2.0 HOT 2
- When using jwks_uri, default value fails becuase it's not a URI
- Authentication failure! no implicit conversion of Hash into String (version 0.6.1) HOT 3
- Migration guide from gitlab-omniauth-openid-connect to this gem? HOT 4
- Problem using microsoft oauth2 as provider because of dynamic issuer HOT 7
- Dynamic client_options.redirect_uri value HOT 3
- Could not authenticate you from [My Provider name] because "Unknown" HOT 3
- Actioncontroller::InvalidAuthenticityToken with omniauth_openid_connect and omniauth-rails_csrf_protection HOT 1
- How not to send the `state` parameter?
- Getting a routing error after initialization HOT 3
- Back-channel Single Sign Out Support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from omniauth_openid_connect.