node-openid-client, how to resolve errors like "callbackParams of undefined" and "state mismatch"

Regarding this library https://github.com/panva/node-openid-client

Is it correct to assume that the same openIdClient instance should handle both openIdClient.authorizationUrl() and openIdClient.callbackParams() for a particular authentication request?

As I found out, it could be wrong, that if the instance is different between these 2 calls, then "callbackParams of undefined" and "state mismatch" errors could happen, especially in a multi-instance environment.

Thanks

There is no requirement for the same instance of the Client class to handle the init and callback phases.

Not being able to access Client.prototype.callbackParams due to client being undefined is an application level error.

The OP's problem in question is being handled in a package that includes openid-client here.
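Added example, not part of the original answers and not openid-client's own code: a sketch of why the state check depends on where the per-login values are stored rather than on which object handles the callback. It does not call the library; `AppNode`, `simulate`, the session id and the error strings are hypothetical, and a `Map` stands in for a session store.

```javascript
const crypto = require("crypto");

// Stand-in for one app process. Like a Client object, it holds no per-login
// data itself; state and the PKCE verifier live in the session store.
class AppNode {
  constructor(sessionStore) {
    this.sessions = sessionStore;
  }

  // Init phase: generate per-login values and save them under the session id.
  begin(sessionId) {
    const state = crypto.randomBytes(16).toString("base64url");
    const codeVerifier = crypto.randomBytes(32).toString("base64url");
    const codeChallenge = crypto
      .createHash("sha256").update(codeVerifier).digest("base64url"); // S256
    this.sessions.set(sessionId, { state, codeVerifier });
    return { state, codeChallenge }; // these go into the authorization URL
  }

  // Callback phase: compare the returned state with the saved one.
  finish(sessionId, returnedState) {
    const saved = this.sessions.get(sessionId);
    if (!saved) return { ok: false, error: "no saved state for session" };
    this.sessions.delete(sessionId); // single use
    const a = Buffer.from(saved.state);
    const b = Buffer.from(returnedState);
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
      return { ok: false, error: "state mismatch" };
    }
    return { ok: true, codeVerifier: saved.codeVerifier }; // for the token request
  }
}

// Node A starts the login, node B receives the callback.
// sharedStore=true models an external session store (a Map stands in for it);
// false models per-process memory sessions.
function simulate(sharedStore, returnedStateOverride) {
  const storeA = new Map();
  const storeB = sharedStore ? storeA : new Map();
  const nodeA = new AppNode(storeA);
  const nodeB = new AppNode(storeB);
  const { state } = nodeA.begin("sid-1"); // constructed session id
  return nodeB.finish("sid-1", returnedStateOverride ?? state);
}

console.log(simulate(true));                 // shared store: accepted
console.log(simulate(false));                // separate stores: rejected
console.log(simulate(true, "other-value"));  // wrong state: rejected
```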

Yes, the client should be the same instance that handles the initial authentication request and that also retrieves the final tokens from the OIDC provider.

Most of the security features like state and PKCE in OIDC require this to be true.
