OIDC Authentication fails with "state parameter mismatch"

Open k8ieone opened this issue 1 year ago • 10 comments

Steps to reproduce

  1. Use Authentik OIDC for authentication
  2. Try logging in with the mobile app
  3. "State parameter mismatch"

Expected behaviour

The user should be logged in.

Actual behaviour

The login fails and the web browser ends up on this page: Screenshot_20240110-134039.png

(up in the left corner)

ResizedImage_2024-01-10_13-41-43_1209.png

Logging in to the web interface through OIDC works as expected. That's why I'm reporting this here.

Environment data

Audiobookshelf Version:

  • Android App 0.9.71-beta

Android Issue

Android version: 13

Device model: Wingtech T-Phone

Stock or customized system: Stock (pretty much vanilla Android)

k8ieone avatar Jan 11 '24 19:01 k8ieone

What is the version of the server?

advplyr avatar Jan 11 '24 20:01 advplyr

@advplyr 2.7.1, brand new deployment.

k8ieone avatar Jan 11 '24 21:01 k8ieone

Update: I managed to log in today.

I still ended up on the "state parameter mismatch" page, but after tapping on "open", the app proceeded to log in.

Previous attempts resulted in the app either freezing or crashing.

I did not change anything about my setup, so I'm not sure why it works now.

k8ieone avatar Jan 14 '24 22:01 k8ieone

I'm not sure either. Are you still having odd behavior?

advplyr avatar Jan 22 '24 23:01 advplyr

> Update: I managed to log in today.
>
> I still ended up on the "state parameter mismatch" page, but after tapping on "open", the app proceeded to log in.
>
> Previous attempts resulted in the app either freezing or crashing.
>
> I did not change anything about my setup, so I'm not sure why it works now.

That's weird. I suspect it's something with the browser on your Android, because if you get the screen "Open in another App" it means the auth was successful. Maybe your browser reloads the page for a second time or so AND shows "Open in another app", which would lead to that kind of message you see in the background.

Sapd avatar Jan 24 '24 14:01 Sapd

@Sapd That could be it. Just for the record - the browser used here is Fennec.

I just tested again today. The "state parameter mismatch" page still loads, but the login succeeds after pressing "open".

k8ieone avatar Jan 30 '24 00:01 k8ieone

Have you tested with another browser?

advplyr avatar Feb 02 '24 23:02 advplyr

@advplyr No, but I can try. Which browsers should I test?

k8ieone avatar Feb 05 '24 09:02 k8ieone

@k8ieone You can just try any on the device. Chrome or Firefox for example.

Sapd avatar Feb 05 '24 15:02 Sapd

@Sapd I tested with Firefox and Chrome. Firefox has the same behavior.

Chrome went right back to the app after signing in to my IDP. This is how I think it should look.

So it looks like this is a Firefox-only issue (Fennec is a fork).

k8ieone avatar Feb 08 '24 18:02 k8ieone

I'm not sure if there is anything we can do about this. We aren't doing anything special but a redirect.

advplyr avatar Mar 21 '24 14:03 advplyr

Since logging in works I think we can close this.

k8ieone avatar Mar 23 '24 06:03 k8ieone