authts/oidc-client-ts

No state in response for one specific user

inomn opened this issue · 1 comment

Hi. I'm using Keycloak 20 with oidc-client-ts 3.0.1 + react-oidc-context 3.1.0.
For most of the users, including myself, everything works fine, except for one user. The issue is I don't have access to his machine, so I can't test it in any way. Can anyone suggest a way to debug this issue, or maybe point out the errors I have in my setup?

I'm getting a "No state in response" report, thrown from here:

  // oidc-client-ts (bundled output), OidcClient.readSigninResponseState
  async readSigninResponseState(url, removeState = false) {
    const logger2 = this._logger.create("readSigninResponseState");
    // reads the callback parameters from "?..." or "#..." depending on settings.response_mode
    const response = new SigninResponse(UrlUtils.readParams(url, this.settings.response_mode));
    if (!response.state) {
      logger2.throw(new Error("No state in response"));
      throw null;
    }
    // ... (the method goes on to look the stored state up by response.state)
  }

Config:

import type { AuthProviderProps } from 'react-oidc-context';
import { WebStorageStateStore } from 'oidc-client-ts';
import type { UserManagerSettings } from 'oidc-client-ts';
// `config` is the app's own runtime configuration object (not shown)

// note: redirect_uri depends on the page the user is currently on
const redirectUrl = `${window.location.origin}${window.location.pathname}`;

export const oidcConfig: AuthProviderProps = {
  authority: `${config.oidc.authority}/realms/rouvia`,
  client_id: 'frontend',
  redirect_uri: redirectUrl,
  silent_redirect_uri: `${window.location.origin}/silent-callback`,
  post_logout_redirect_uri: window.location.origin,
  response_type: 'code',
  scope: 'openid profile email offline_access',
  automaticSilentRenew: true,
  loadUserInfo: true,
  onSigninCallback: (): void => {
    // strip code/state from the address bar once the library has consumed them
    window.history.replaceState({}, document.title, window.location.pathname);
  },
};

export const userManagerConfig: UserManagerSettings = {
  ...oidcConfig,
  userStore: new WebStorageStateStore({ store: window.localStorage }),
};

SilentCallback is just a simple

import { useEffect } from 'react';
import { UserManager } from 'oidc-client-ts';
// captureException: the app's error reporter (import it from wherever it is defined)

useEffect(() => {
  const userManager = new UserManager(userManagerConfig);

  // completes the silent-renew flow inside the hidden iframe
  userManager.signinSilentCallback().catch((error) => {
    captureException(error);
  });
}, []);

Thanks in advance.
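A small diagnostic that can be run on the failing user's callback URL (for instance from the silent-callback error handler, before `captureException`) so the error report says which case occurred. This is added example code, not part of oidc-client-ts, react-oidc-context or the reporter's app: it mirrors what the library does at this point (read the parameters from the query string or the fragment according to `response_mode`, require a `state` value, then look it up in the state store) and turns the outcome into a verdict. The `"oidc."` key prefix follows the library's `WebStorageStateStore` default; the `Map` standing in for `sessionStorage`/`localStorage`, the function names and the verdict labels are assumptions of this example.

```typescript
// Added diagnostic for "No state in response" (example code, not from oidc-client-ts
// or the issue's app). Reads the callback parameters the same way as
// UrlUtils.readParams and classifies why "state" may be missing.

type ResponseMode = "query" | "fragment";

type Verdict =
  | "ok"                      // state present and known: callback should succeed
  | "provider-error"          // provider sent error=... (state is usually still present)
  | "no-params"               // no OIDC parameters at all: direct load, refresh, stripped query
  | "response-mode-mismatch"  // parameters exist, but in the other part of the URL
  | "state-missing"           // code/other params present, state is not
  | "unknown-state";          // state present but never stored in this browser context

interface CallbackDiagnosis {
  params: Record<string, string>;
  verdict: Verdict;
  detail: string;
}

function decodePart(part: string): string {
  try {
    return decodeURIComponent(part.replace(/\+/g, " "));
  } catch {
    return part; // malformed percent-encoding: keep the raw value rather than throw
  }
}

function parseParams(raw: string): Record<string, string> {
  const params: Record<string, string> = {};
  for (const pair of raw.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const key = decodePart(eq >= 0 ? pair.slice(0, eq) : pair);
    params[key] = eq >= 0 ? decodePart(pair.slice(eq + 1)) : "";
  }
  return params;
}

// Equivalent of UrlUtils.readParams: read "?..." or "#..." depending on response_mode.
function readCallbackParams(url: string, mode: ResponseMode): Record<string, string> {
  const q = url.indexOf("?");
  const h = url.indexOf("#");
  if (mode === "fragment") {
    return parseParams(h >= 0 ? url.slice(h + 1) : "");
  }
  if (q < 0 || (h >= 0 && h < q)) return {}; // no query, or a "?" that sits inside the fragment
  return parseParams(url.slice(q + 1, h > q ? h : url.length));
}

function diagnoseSigninCallback(
  url: string,
  mode: ResponseMode,
  stateStore: Map<string, string>, // stand-in for the library's sessionStorage/localStorage store
): CallbackDiagnosis {
  const params = readCallbackParams(url, mode);
  const other: ResponseMode = mode === "query" ? "fragment" : "query";
  const otherParams = readCallbackParams(url, other);
  const build = (verdict: Verdict, detail: string): CallbackDiagnosis => ({ params, verdict, detail });

  if (params.error) {
    return build("provider-error", `provider returned error=${params.error}`);
  }
  if (params.state) {
    if (stateStore.has("oidc." + params.state)) {
      return build("ok", "state present and found in the state store");
    }
    return build("unknown-state",
      "state present but not in this store: the flow was started in another tab/browser/profile, " +
      "or storage was cleared before the redirect came back");
  }
  if (Object.keys(params).length === 0) {
    if (otherParams.state || otherParams.code) {
      return build("response-mode-mismatch",
        `parameters arrived in the ${other} part of the URL but response_mode is "${mode}"`);
    }
    return build("no-params",
      "no OIDC parameters on the callback URL: direct load, refresh/bookmark of the callback page, " +
      "or the query string was removed before the library read it");
  }
  return build("state-missing", `parameters present (${Object.keys(params).join(", ")}) but no state`);
}
```

In the app you would call `diagnoseSigninCallback(window.location.href, "query", store)` where `store` wraps the same storage the `UserManager` uses for state (sessionStorage by default, which is per tab), and attach `verdict` and `detail` to the captured exception. The "unknown-state" and "no-params" verdicts are the ones that point at the user's browser rather than the config; "response-mode-mismatch" points at the provider or client settings.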

If it's working for the majority but one, it means your config should be fine.
For the one where it's not working, the problem is either the "user" or the "machine".

So:

  • you could ask someone else to log in on the same machine as the user
    -> if it works, it means the issue is related to the user, so maybe a Keycloak issue with the user account
  • you could ask the user to try on a different web browser / machine
    -> if it works, it means the issue is related to the original web browser / machine, and you start investigating from there (available updates?, etc.)