auth0/express-openid-connect

Replace the "checks.state argument is missing" error message

Checklist

  • I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

There are a lot of requests for help with this error message, on multiple community sites.

The current error message probably made sense to whoever was writing the function that was invoked with a "checks" object that was missing a "state" property, but it's meaningless to those of us who have to troubleshoot such errors, because we didn't call that function.

We didn't call any function with parameters that even look remotely like it needs a "state" parameter.

In fact we even have a distraction - my only guess at the time was that this message was related to not setting the "state" property of callbackParams.tokenEndpointParams - because it's named "state" and it was passed to the last function that I called before getting this error... But I continued to get the same error when callbackParams.tokenEndpointParams.state was clearly NOT missing.

Describe the ideal solution

Change the error message to "checks.state is not present in the auth_verification cookie"

...since that's what people are told to investigate when they ask for help with this message.

Alternatives and current workarounds

  1. ask for help
  2. wait for a response
  3. someone posts a response

We could skip all of those steps and just put that clue right into the error message.

Additional context

I'd submit a PR to fix this, but I can't figure out where the phrase "argument is missing" is coming from.

I searched the repo, but only found results in test cases.

We are also getting this same error with version 2.17.1 but only for Safari.
We are still using the default cookie session.

Something to do with the cookie used for the callback handling maybe (not sure but maybe it is called transaction cookie?)

The callback does receive the state and that is not missing.

Error comes from express-openid-connect/lib/context.js:366

        "message": "checks.state argument is missing",
        "stack": "BadRequestError: checks.state argument is missing\n    at ResponseContext.callback (/var/app/node_modules/express-openid-connect/lib/context.js:366:15)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",

express-openid-connect/lib/context.js:

      let tokenSet;
      try {
        const callbackParams = client.callbackParams(req);
        const authVerification = transient.getOnce(
          config.transactionCookie.name,
          req,
          res
        );

        const checks = authVerification ? JSON.parse(authVerification) : {};

        req.openidState = decodeState(checks.state);

        tokenSet = await client.callback(redirectUri, callbackParams, checks, {
          exchangeBody: {
            ...(config && config.tokenEndpointParams),
            ...options.tokenEndpointParams,
          },
        });
      } catch (error) {
        throw createError(400, error.message, {
          error: error.error,
          error_description: error.error_description,
        });
      }
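
The distinction this thread asks the error message to make, as an added example that is not part of the issue and is not code from express-openid-connect. `parseCookieHeader` and `diagnoseCallback` are hypothetical helpers, the sample headers are constructed, and the cookie value is assumed to be URL-encoded JSON, as the `JSON.parse(authVerification)` call in the excerpt above implies.

```javascript
'use strict';
// Added example, not library code. Assumption: the transaction cookie
// value is URL-encoded JSON holding the login checks (state, nonce, ...).

// Parse a raw Cookie request header into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim();
    try {
      jar.set(name, decodeURIComponent(raw));
    } catch {
      jar.set(name, raw); // keep undecodable values verbatim
    }
  }
  return jar;
}

// Hypothetical helper: say which part of the callback state check fails.
function diagnoseCallback(cookieHeader, callbackState, cookieName = 'auth_verification') {
  const value = parseCookieHeader(cookieHeader).get(cookieName);
  if (value === undefined) {
    return `${cookieName} cookie was not sent with the callback request`;
  }
  let checks;
  try {
    checks = JSON.parse(value);
  } catch {
    return `${cookieName} cookie is not valid JSON`;
  }
  if (checks === null || typeof checks !== 'object' || typeof checks.state !== 'string') {
    return `checks.state is not present in the ${cookieName} cookie`;
  }
  if (checks.state !== callbackState) {
    return 'state in the callback does not match the state stored in the cookie';
  }
  return 'ok';
}

// Constructed sample requests: one with the transaction cookie, one without.
const good = 'appSession=abc; auth_verification=' +
  encodeURIComponent('{"state":"s1","nonce":"n1"}');
console.log(diagnoseCallback(good, 's1'));
console.log(diagnoseCallback('appSession=abc', 's1'));
```

The second call reproduces the situation reported above: the callback URL carries a state value, but the browser did not return the cookie that stores the expected one.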