request to the redirect_uri path but there's no session state found

[jahanzaib91]

Hi,

We have a backend service which is proxied using kong. We need to enabled OIDC authentication for this service and we are using this oidc plugin. Okta is our Identity Provider. We have the following configuration in our .yaml file for the service/route at kong along with oidc plugin configuration

_version: 3
name: some-service
proxy:
  path: /
  protocol: http
  targets:
    - host: <host>:<port>
  plugins:
    - name: oidc
      config:
        responseType: code
        clientId: <cliendId>
        scope: openid
        clientSecret: <clientSecret>
        discovery: https://<okta-hostname>/.well-known/openid-configuration
        redirect_uri_path: /somepath
routes:
  - name: <name>
    hosts:
      - app1.host1
    paths:
      - /somepath
    protocols:
      - https

When we access the route through kong i.e , kong successfully redirects to Okta for authentication. After providing authentication credentials, Okta successfully redirects the request back https://app1.host1/somepath with authorization code and state parameter in the URL. However, kong throws the following error

request to the redirect_uri path but there's no session state found

Please note that the similar configuration is working fine in another environment (another instance of kong with another instance of Okta). So we are unsure what would be causing this issue. Any ideas or pointers regarding it would be highly appreciated.

[liweitianux]

It looks like you were using the same URI for redirect_uri_path, which should be the cause.

Please have a look at apache/apisix#2426 and it might be helpful.

[pdomineaux]

@jahanzaib91 Have you finally found the root cause of your problem ?
I'm encounter the same issue on my side....