Login flow with two browser tabs produces a state mismatch error #142
Comments
Hi @SantiMA10 - thanks for raising this. This is because the Middleware stores some transient state (nonce, state, code_verifier) in cookies to verify the callback request from the authorization server. When you open tab 1 to log in, some state is stored; when you open tab 2, some more state is stored, which overwrites tab 1's state. When you then go back to tab 1 to complete login, the state in your callback won't match the state in your cookies. There are various approaches to resolving this, but we find the simplest and most effective is to recommend clients handle the error and prompt the user to attempt login again; as they have an active SSO session, they won't be prompted to enter their credentials again on the authorization server.
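The overwrite described in the comment above, and the suggested retry handling, as an added example that is not part of the original thread or the project's code. The cookie name, function names and redirect paths are assumptions made for illustration, and a `Map` stands in for the browser's shared cookie jar.

```javascript
// Added illustration: simulates one browser cookie jar shared by two tabs.
// All names below (TRANSIENT_COOKIE, startLogin, handleCallback, ...) are hypothetical.
const { randomBytes } = require("node:crypto");

const TRANSIENT_COOKIE = "transient_auth"; // assumed cookie name
const token = () => randomBytes(16).toString("hex");

class StateMismatchError extends Error {}

// Begin a login: store the transient values in the cookie jar and return
// the state value that is sent to the authorization server.
function startLogin(cookieJar) {
  const transient = { state: token(), nonce: token(), code_verifier: token() };
  // One cookie per browser, not per tab: a second login attempt overwrites the first.
  cookieJar.set(TRANSIENT_COOKIE, JSON.stringify(transient));
  return transient.state;
}

// Check the state echoed back in the callback against the stored cookie.
function verifyCallback(cookieJar, callbackState) {
  const raw = cookieJar.get(TRANSIENT_COOKIE);
  cookieJar.delete(TRANSIENT_COOKIE); // transient values are single use
  const stored = raw ? JSON.parse(raw) : null;
  if (!stored || stored.state !== callbackState) {
    throw new StateMismatchError("state mismatch");
  }
  return stored;
}

// Handling suggested in the comment: on a mismatch, send the user back to
// login instead of showing an error page. Other errors still propagate.
function handleCallback(cookieJar, callbackState) {
  try {
    verifyCallback(cookieJar, callbackState);
    return { status: 302, location: "/" };
  } catch (err) {
    if (err instanceof StateMismatchError) return { status: 302, location: "/login" };
    throw err;
  }
}

// Tab 1 starts a login, tab 2 starts another, then tab 1's callback arrives.
function twoTabScenario() {
  const jar = new Map();
  const stateTab1 = startLogin(jar);
  startLogin(jar); // tab 2 overwrites tab 1's transient cookie
  const first = handleCallback(jar, stateTab1); // mismatch, redirected to /login
  const retry = handleCallback(jar, startLogin(jar)); // fresh attempt succeeds
  return { first, retry };
}
```

The state check itself is never relaxed here: the stale callback is still rejected, and only the user-facing outcome changes from an error to a new login attempt.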
Description
If you open two browser tabs and try to log in at the same time, it results in a state mismatch error.
Reproduction
Environment