[keycloak-dev] Strange behaviour with invalid state param

Bill Burke bburke at redhat.com
Fri Jan 9 08:40:44 EST 2015


What I think is happening is that you have an invalid state cookie (as 
per the oauth spec), you reload the app URL again and authentication is 
successful.  While I don't know why you are getting "No state cookie" 
the rest makes sense as you're just going through a successful login.

On 1/9/2015 7:45 AM, Michael Gerber wrote:
> Hi,
>
> I have a strange behaviour with an invalid state param.
>
> The server writes the following log, which is correct:
> WARN  [org.keycloak.adapters.OAuthRequestAuthenticator] (default
> task-17) No state cookie
>
> After that I receive a 400 error in my browser with the following URL:
> https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40ZdCx2FjC6qslukdc.9ef6b6f7-b888-4a59-b34c-7af6d490614b&state=dc-4d82-b0c9-d434b917dfce
>
> I can load this URL again and then I am successfully logged in.
>
> Is this the correct behaviour?
>
> Best
> Michael

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
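
The state check discussed in this thread, as an added sketch that is not part of the original messages and is not Keycloak's adapter code: the application stores a random state in a cookie before redirecting to login, and on the way back rejects the request with a 400 unless the `state` parameter matches that cookie. The cookie name `oauth_state`, the function names and the `app.example` URL are assumptions made for the example.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

STATE_COOKIE = "oauth_state"  # hypothetical cookie name, chosen for this sketch


def new_login_state():
    """Before redirecting to the login page: pick a random state and return it
    with the Set-Cookie header value that binds it to this browser."""
    state = secrets.token_urlsafe(16)
    return state, f"{STATE_COOKIE}={state}; Path=/; Secure; HttpOnly"


def check_callback(url, cookie_header):
    """Validate the redirect back to the application.

    Returns (http_status, reason). The authorization code is only worth
    exchanging for tokens when the result is (200, "state ok").
    """
    cookies = SimpleCookie()
    cookies.load(cookie_header or "")
    morsel = cookies.get(STATE_COOKIE)
    if morsel is None:
        return 400, "no state cookie"  # the case logged in this thread

    sent = parse_qs(urlsplit(url).query).get("state")
    if not sent:
        return 400, "no state parameter"

    # Constant-time comparison of the cookie value with the state parameter.
    if not hmac.compare_digest(morsel.value.encode(), sent[0].encode()):
        return 400, "state mismatch"
    return 200, "state ok"


if __name__ == "__main__":
    state, set_cookie = new_login_state()
    # Constructed callback URL; host and code are placeholders.
    url = f"https://app.example/index.html?code=constructed-code&state={state}"
    print(check_callback(url, None))
    print(check_callback(url, f"{STATE_COOKIE}=stale-value"))
    print(check_callback(url, f"{STATE_COOKIE}={state}"))
```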

