How to use the state parameter in passport-okta-oauth?

I am using passport-okta-oauth to implement Okta SSO in my application. I referred to the documentation and came to know about the usage of the state parameter. However, when I pass the state parameter in my request, I get the following error:

{ 'message': 'Unable to verify authorization request state'}

Here is the reference to my code:

app.get('/oauth/redirect/okta', function (req, res, next) {
    // Retrieving the state value here (decoded from the base64 JSON we sent)
    let stateString = JSON.parse(Buffer.from(req.query.state, 'base64').toString('ascii'));
    passport.authenticate('okta', { failureRedirect: `${config.oauthDomainUrl}/oauth/failure?provider=okta` }, function (err, user, info) {
        if (err) {
            return next(err);
        }
        // Either Okta reported an error, or the strategy rejected the login (user === false)
        if (req.query.error != undefined || !user) {
            return res.redirect('/oauth/failure?provider=okta');
        }
        var profileId = user.id;

        /* Profile Id is sent along the URL to know that the user authentication is successful */
        let redirectUrl = `${config.redirectUrl}?pid=${profileId}&orgId=${stateString.orgId}&clientId=${stateString.clientId}`;
        res.redirect(redirectUrl);
    })(req, res, next);
});

app.get('/oauth/okta', function (req, res, next) {
    // Pack the incoming query parameters into the custom state value
    let stateString = Buffer.from(JSON.stringify(req.query)).toString('base64');
    passport.authenticate('okta', {
        state: stateString // passing the state string here
    }, function () {
        /* The request will be redirected to Okta for authentication, so this
           function will not be called. */
    })(req, res, next);
});

In the three parameters in the successful redirect (err, user, info), I get the following response:

err : null

user : false

info : { 'message': 'Unable to verify authorization request state'}

Everything worked fine until I passed the state parameter.

I’m running into the exact same problem described here, can anyone offer an explanation or solution? I need to pass some state through to the callback so this is quite an issue.

To add some additional context, I can see that if I do not pass the state parameter, a randomly generated state value is attached to the request on the session property:

req.session:  Session {
  cookie: {
    path: '/',
    _expires: null,
    originalMaxAge: null,
    httpOnly: true,
    secure: false
  },
  '<myhost>.okta.com': { state: 'dzyMg6AO1xFxnwdn33WbnRKT' }
}

When I pass my custom state (which is just a string and is allowed as per the documentation), that key/value pair is missing, which causes the error from the OAuth library I am using (I am using passport-oauth2, but I also used passport-okta-oauth and experienced the same problem).

req.session:  Session {
  cookie: {
    path: '/',
    _expires: null,
    originalMaxAge: null,
    httpOnly: true,
    secure: false
  }
}

Hi,

I am having a similar issue and would like to know if anyone has had success with this?

For anyone looking - the solution for me was from here - Infinite redirect loop, "Invalid authorization request state." · Issue #89 · auth0/passport-auth0 · GitHub
