[keycloak-dev] Strange behaviour with invalid state param
Stian Thorgersen
stian at redhat.com
Fri Jan 9 08:35:31 EST 2015
Doesn't sound correct to me. Are you expecting the invalid state param result?
Is this reproducible?
----- Original Message -----
> From: "Michael Gerber" <gerbermichi at me.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 9 January, 2015 1:45:26 PM
> Subject: [keycloak-dev] Strange behaviour with invalid state param
>
> Hi,
>
> I have a strange behaviour with an invalid state param.
>
> The server writes the following log, which is correct:
> WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No
> state cookie
>
> After that I receive a 400 error in my browser with the following URL:
> https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40ZdCx2FjC6qslukdc.9ef6b6f7-b888-4a59-b34c-7af6d490614b&state=dc-4d82-b0c9-d434b917dfce
>
> I can load this URL again and than I am successfully logged in.
>
> Is this the correct behaviour?
>
> Best
> Michael
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list