Doesn't sound correct to me. Are you expecting the invalid state param result?
Is this reproducible?
----- Original Message -----
From: "Michael Gerber" <gerbermichi(a)me.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 9 January, 2015 1:45:26 PM
Subject: [keycloak-dev] Strange behaviour with invalid state param
Hi,
I have a strange behaviour with an invalid state param.
The server writes the following log, which is correct:
WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No
state cookie
After that I receive a 400 error in my browser with the following URL:
https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40Zd...
I can load this URL again and than I am successfully logged in.
Is this the correct behaviour?
Best
Michael
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev