Hello dear community,
I’m trying to configure authorization through B2C, but there is an issue with the last auth step which checks the ‘state’ parameter.
Here is my config:
gitlab_rails['omniauth_providers'] = [
{ 'name' => 'openid_connect',
'args' => {
'name' => 'openid_connect',
'scope' => ['https://*****.onmicrosoft.com/*****/read'],
'response_type' => 'code id_token token',
'issuer' => 'https://*****.b2clogin.com/*****/v2.0/',
'discovery' => false,
'send_scope_to_token_endpoint' => true,
'client_auth_method' => 'jwt_bearer',
'client_options' => {
'identifier' => '*****',
'secret' => '*****',
'redirect_uri' => 'https://<gitlab_subdomain>.azurewebsites.net/code/users/auth/openid_connect/callback',
'authorization_endpoint' => '*****',
'token_endpoint' => '*****',
'jwks_uri' => '*****',
'end_session_endpoint' => '*****'
}
}
}
]
When user tries to log in through SSO, B2C redirects him back to Gitlab (which is expected):
https://<gitlab_subdomain>.azurewebsites.net/code/users/sign_in#state=9ced49a37c64a52a6b827519bae0c38d&access_token=*****&token_type=Bearer&expires_in=3600&code=******&id_token=*****
But there is an exception which appears in Gitlab UI:
Could not authenticate you from OpenIDConnect because “Invalid ‘state’ parameter”.
According to documentation this parameter should be identical from both authorization sides. Is there any way to control its value or even get rid of it?
Gitlab version: 13.10