I have the setup for OpenIDConnect mostly working, but when it gets redirected back to gitlab after logging in it says:
Could not authenticate you from OpenIDConnect because "Invalid 'state' parameter".
I have checked, and the `state` parameter in the call to my OAuth provider matches the `state` parameter in the URL fragment in both the callback and the sign-in page.
As far as I understand these just need to match, and they do, yet the error above is given instead of logging in. Is there some place that gitlab is supposed to be storing this and isn’t?
EDIT: So when I was setting this up I was getting errors about the client not supporting the `implicit` grant type, so I enabled it, but I know that is not really recommended anymore. Why is GitLab trying to use that grant type when I set up the omniauth stuff?
EDIT2: If I set `response_type: "code"` in the config, it fails at the callback saying
Could not authenticate you from OpenIDConnect because "Unexpected token at 'eyjhbgcioij...' and it shows the JWT-encoded data from my OIDC server
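
An added illustration, not part of the original post and not GitLab's or OmniAuth's code: a minimal Ruby sketch of how a relying party typically validates `state`. It compares the callback value with the one stored in the user's session, and it reads only the query string, because browsers do not send the URL fragment to the server. All function names and the `example.test` URLs are hypothetical.

```ruby
require "securerandom"
require "uri"

# Hypothetical relying-party helpers (illustration only).

# Step 1: before redirecting to the provider, mint a state and keep it in the session.
def begin_login(session, authorize_endpoint, client_id, redirect_uri, response_type)
  session[:oidc_state] = SecureRandom.hex(16)
  query = URI.encode_www_form(
    response_type: response_type, client_id: client_id,
    redirect_uri: redirect_uri, scope: "openid", state: session[:oidc_state]
  )
  "#{authorize_endpoint}?#{query}"
end

# What the server receives for a callback URL: the query string only.
# The part after '#' stays in the browser and is never in the HTTP request.
def server_visible_params(callback_url)
  URI.decode_www_form(URI.parse(callback_url).query.to_s).to_h
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 2: at the callback, compare the returned state with the stored one.
# The stored value is deleted so each state can be used only once.
def valid_state?(session, callback_url)
  expected = session.delete(:oidc_state)
  received = server_visible_params(callback_url)["state"]
  return false if expected.nil? || received.nil?
  secure_equal?(expected, received)
end

# Constructed demo values (placeholder hosts and client id).
session = {}
begin_login(session, "https://idp.example.test/authorize", "gitlab",
            "https://gitlab.example.test/cb", "code")
state = session[:oidc_state]
cb = "https://gitlab.example.test/cb"
puts valid_state?(session.dup, "#{cb}?code=abc&state=#{state}")    # state in query
puts valid_state?(session.dup, "#{cb}#id_token=x&state=#{state}")  # state in fragment
puts valid_state?({}, "#{cb}?code=abc&state=#{state}")             # session lost
```
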