Empty "state=" parameter causes error with OIDC providers. #18424

Open
5 tasks
terrancesnyder opened this issue May 10, 2024 · 1 comment
Labels
component/operate Related to the Operate component/team kind/bug Categorizes an issue or PR as a bug

Comments

@terrancesnyder

Describe the bug

The URL generated for OIDC authentication has an empty and invalid "state" property.

To Reproduce

  • Configure operate to use OIDC provider
  • Try to login
  • Ory Hydra rejects request because URL contains invalid empty "state=" parameter.

Current behavior

Expected behavior

State should be populated. See below where "withState(...)" could be called with a random string.

See code here, which isn't generating state parameter...

https://github.com/camunda/zeebe/blob/main/operate/webapp/src/main/java/io/camunda/operate/webapp/security/sso/Auth0Service.java#L120

Empty state
image

Results in

image

Environment

  • Docker

Additional context

      - CAMUNDA_IDENTITY_TYPE=GENERIC
      - CAMUNDA_IDENTITY_ISSUER=https://secure.dev.klustr.io/hydra
      - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=https://secure.dev.klustr.io/hydra
      - CAMUNDA_IDENTITY_CLIENT_ID=xxxxxxxxxxxxxx
      - CAMUNDA_IDENTITY_CLIENT_SECRET=xxxxxxxxx

Acceptance Criteria

Definition of Ready - Checklist

  • The bug has been reproduced by the assignee in the environment compatible with the provided one; otherwise, the issue is closed with a comment
  • The issue has a meaningful title, description, and testable acceptance criteria
  • The issue has been labeled with an appropriate Bug-area label
  • Necessary screenshots, screen recordings, or files are attached to the bug report

For UI changes required to solve the bug:

  • Design input has been collected by the assignee

Implementation

🔍 Root Cause Analysis

💭 Proposed Solution

👉 Handover Dev to QA

  • Changed components:
  • Side effects on other components:
  • Handy resources:
    BPMN/DMN models, plugins, scripts, REST API endpoints + example payload, etc.:
  • Example projects:
  • Commands/Steps needed to test; Versions to validate:
  • Docker file / HELM chart: in case it needs to be tested via Docker, share the version containing the fix along with the versions of the other services.
  • Release version (in which version this fix/feature will be released):

📗 Link to the test case

@terrancesnyder terrancesnyder added component/operate Related to the Operate component/team kind/bug Categorizes an issue or PR as a bug labels May 10, 2024
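
The behaviour the report asks for, a non-empty random `state` on the authorization URL, as an added example that is not code from the issue or from the Camunda code base. The class and method names and the URLs are hypothetical; the generated value is what would be handed to `withState(...)`. It goes one step beyond the report by also showing the callback comparison that `state` exists for.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class OidcStateExample {
  private static final SecureRandom RNG = new SecureRandom();

  /** 32 random bytes, base64url without padding: 43 URL-safe characters. */
  static String newState() {
    byte[] buf = new byte[32];
    RNG.nextBytes(buf);
    return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
  }

  /** Returns the raw value of "state" in the URL's query, or null if absent. */
  static String stateOf(String url) {
    String query = URI.create(url).getRawQuery();
    if (query == null) return null;
    for (String pair : query.split("&")) {
      int eq = pair.indexOf('=');
      String key = eq < 0 ? pair : pair.substring(0, eq);
      if (key.equals("state")) return eq < 0 ? "" : pair.substring(eq + 1);
    }
    return null;
  }

  /** Callback check: the returned state must equal the one stored in the session. */
  static boolean stateMatches(String expected, String returned) {
    if (expected == null || returned == null || expected.isEmpty()) return false;
    // Constant-time comparison so the check does not leak how many bytes matched.
    return MessageDigest.isEqual(
        expected.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
  }

  public static void main(String[] args) {
    // Constructed URLs; host, path and client_id are placeholders.
    String base = "https://idp.example.test/oauth2/auth?response_type=code&client_id=placeholder";
    String broken = base + "&state=";   // the shape described in this issue
    String state = newState();          // store in the user's session before redirecting
    String fixed = base + "&state=" + state;
    System.out.println("broken URL has empty state: " + stateOf(broken).isEmpty());
    System.out.println("fixed URL state length: " + stateOf(fixed).length());
    System.out.println("callback accepts matching state: " + stateMatches(state, stateOf(fixed)));
    System.out.println("callback accepts empty state: " + stateMatches(state, stateOf(broken)));
  }
}
```
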
@johanwelgemoed
Contributor

Spend small time box to determine if anything is needed on Operate or all on Identity side.
