You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have multiple apps using the same domain with the same login system (Cognito). When navigating directly to a page, there are no issues. However, if I navigate to the first page, then go to the second page, and finally click the browser's back button to return to the first page, I always encounter a BadRequestError.
BadRequestError: checks.state argument is missing
at ResponseContext.callback (/home/node_modules/express-openid-connect/lib/context.js:354:15)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
It only happens on v2 express-openid-connect, but not on v1.
App using v2 is able to return to app using v1 without issue using browser's back button. Somehow it only happens in v2.
Is it the desired behavior or am I overlooking something? Thank you for your time.
Reproduction
Login to the portal
Route to the first page
Route to the second page
Click browser's back button to return to the first page.
Update: Just to be clear, I think the issue is that your apps are overwriting each other's cookies (specifically the auth_verification cookie). The steps below are to segregate each app's cookies onto a specific server path.
Since your 2 apps are on the same domain, does that mean they're each hosted on different paths?
I had to do something similar before, and it was a pain to deal with and requires you to re-mount your routes based on how your reverse proxy forwards requests. A couple things I remember doing:
Configure each app to inject a Path cookie attribute so they get stored separately in the browser (example below). I can't remember if I needed different cookie names as well, but worth testing
Re-mount my app on the /<path> I had just configured. This will depend on how your proxy forwards the requests. Is it stripping out the first path before forwarding to your node server?
Add cookie path config:
server.use(auth({
...,session:{name: '<Different name for each app, to avoid cookie name collision>',cookie: {path: '<Different path for each app>'}}}));
There might be fewer requests for help with this error message if it was changed from:
"checks.state argument is missing"
to
"checks.state is not present in the auth_verification cookie"
The current error message probably made sense to whoever was writing the function that was invoked with a "checks" object that was missing a "state" property, but it's meaningless to those of us who are using this library, since we didn't call that function ourselves.
I'd submit a PR to fix this, but I can't figure out where the phrase "argument is missing" is coming from. I searched the repo, but apparently it only appears in test cases.
Checklist
Description
I have multiple apps using the same domain with the same login system (Cognito). When navigating directly to a page, there are no issues. However, if I navigate to the first page, then go to the second page, and finally click the browser's back button to return to the first page, I always encounter a BadRequestError.
It only happens on v2 express-openid-connect, but not on v1.
App using v2 is able to return to app using v1 without issue using browser's back button. Somehow it only happens in v2.
Is it the desired behavior or am I overlooking something? Thank you for your time.
Reproduction
One of the apps setup:
Additional context
No response
express-openid-connect version
2.17.1
Express version
4.18.2
Node.js version
16
The text was updated successfully, but these errors were encountered: