
Conversation

@Excellencedev

Summary

Fixes #143 - OIDC login fails with Authelia due to missing state parameter.

Problem

Authelia requires the state parameter in OIDC authorization requests (minimum 8 characters for entropy). The previous implementation didn't include this parameter, causing invalid_state errors.

Changes

  • Added generate_state/0 function to create cryptographically secure 32-byte state values
  • Store state in session alongside PKCE verifier during authorization
  • Validate returned state matches stored state on callback (CSRF protection)
  • Include state parameter in Oidcc.create_redirect_url options

/claim #143

@Excellencedev
Author

@alxlion Please review. I believe this fixes it

google-labs-jules bot and others added 2 commits December 8, 2025 05:36
This commit introduces the `state` parameter to the OIDC authentication flow to prevent CSRF attacks. The changes include generating a random state value, storing it in the session, and verifying it in the callback.

This resolves an issue where OIDC login with Authelia would fail due to the missing `state` parameter.
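The procedure described in the PR's Changes list and again in the commit message above (mint a random state, keep it in the session next to the PKCE verifier, compare it on the callback) as an added, stand-alone example; this is not the project's code and not the content of the PR. It assumes a plain map stands in for the Plug session, the OidcState module and its function names are hypothetical, and the `state:` / `pkce_verifier:` option names it hands back for Oidcc.create_redirect_url/4 are an assumption about what the PR passes, not quoted from it.

```elixir
# Added example, not the project's code. Hypothetical module; the session is a
# plain map here where the PR uses the Plug session.
defmodule OidcState do
  import Bitwise

  # Authelia rejects authorization requests whose state is absent or shorter
  # than 8 characters; 32 random bytes encode to 43 URL-safe characters.
  def generate_state do
    :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
  end

  # Authorization step: mint a state, keep it (and the PKCE verifier) in the
  # session, and return the options for the redirect-URL builder.
  # The option names :state and :pkce_verifier are an assumption about the PR.
  def begin_authorization(session, pkce_verifier) when is_map(session) do
    state = generate_state()

    session =
      session
      |> Map.put(:oidc_state, state)
      |> Map.put(:oidc_pkce_verifier, pkce_verifier)

    {session, [state: state, pkce_verifier: pkce_verifier]}
  end

  # Callback step: the stored state is popped so it is single-use, then compared
  # in constant time with the value the provider sent back. Every failure is an
  # error; a missing state is treated exactly like a mismatching one.
  def validate_callback(session, params) when is_map(session) and is_map(params) do
    {stored, session} = Map.pop(session, :oidc_state)
    returned = Map.get(params, "state")

    cond do
      is_nil(stored) -> {:error, :no_pending_authorization, session}
      not is_binary(returned) -> {:error, :missing_state, session}
      secure_compare(stored, returned) -> {:ok, session}
      true -> {:error, :invalid_state, session}
    end
  end

  # Constant-time equality over same-length binaries (Plug.Crypto.secure_compare
  # does the same job inside a Phoenix app).
  defp secure_compare(a, b) when byte_size(a) == byte_size(b) do
    a
    |> :binary.bin_to_list()
    |> Enum.zip(:binary.bin_to_list(b))
    |> Enum.reduce(0, fn {x, y}, acc -> acc ||| bxor(x, y) end) == 0
  end

  defp secure_compare(_a, _b), do: false
end

# Walk both legs of the flow with a constructed session and callback params.
verifier = OidcState.generate_state()
{session, redirect_opts} = OidcState.begin_authorization(%{}, verifier)
IO.inspect(String.length(redirect_opts[:state]), label: "state length (43 expected)")

# Honest callback: the provider echoes the state we sent.
{:ok, session} =
  OidcState.validate_callback(session, %{"state" => redirect_opts[:state], "code" => "abc"})

# Replay of the same callback: the state was consumed, so it is rejected.
{:error, :no_pending_authorization, _} =
  OidcState.validate_callback(session, %{"state" => redirect_opts[:state]})

# Forged callback (CSRF): an attacker-chosen state does not match.
{session2, _} = OidcState.begin_authorization(%{}, verifier)
{:error, :invalid_state, _} = OidcState.validate_callback(session2, %{"state" => "attacker"})

# Callback with no state parameter at all is rejected as well.
{session3, _} = OidcState.begin_authorization(%{}, verifier)
{:error, :missing_state, _} = OidcState.validate_callback(session3, %{"code" => "abc"})
IO.puts("state checks behave as expected")
```

Run it with `elixir oidc_state.exs`; every pattern match on the result tuples acts as an assertion, so the script crashes if any branch misbehaves. Two details matter beyond what the PR text says: the stored state is popped rather than read, so a callback URL cannot be replayed against the same session, and the comparison is constant-time, so the check does not leak the stored value through timing.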
@Excellencedev
Author

Excellencedev commented Dec 8, 2025

Code formatted, builds, and tests pass. CI should pass.

@Excellencedev
Author

@alxlion please review

@alxlion
Contributor

alxlion commented Dec 16, 2025

> @alxlion Please review. I believe this fixes it

I don't want you to believe, you have to be sure. Have you tested it and confirmed that it's working?

@Excellencedev
Author

@alxlion Let me go ahead and test it

@Excellencedev
Author

Drafting until then.

@Excellencedev Excellencedev marked this pull request as draft December 16, 2025 14:02
@Excellencedev Excellencedev marked this pull request as ready for review December 20, 2025 02:52
@Excellencedev
Author

@alxlion please approve the workflow


Development

Successfully merging this pull request may close these issues.

Authelia OICD login fails due to missing state value
