g7mod (g7mod) asked a question.
Setting for requiring `state` parameter in request?
I am developing an OIDC integration with Okta. At one point, I got this error when authenticating:
> error: invalid_request
> error_description: The authentication request has an invalid 'state' parameter.
I understand this is for protection against CSRF attacks. My client was not setting this parameter, so I revised the client behavior to set it, and was able to authenticate.
Is this parameter required because of a particular setting in my Okta application? If so, which one?
Thanks in advance.
Hi, @g7mod (g7mod)
Thank you for posting on our Community page!
There are a couple of tangential posts around the subject, but my advice would be to reach out to the dedicated Developer Forum devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features.
https://support.okta.com/help/s/question/0D51Y0000A5N3rJSQS/how-do-i-fetch-the-state-value-for-accessing-application-post-successful-authentication-through-openid-connect-authorization-endpoint?language=en_US
https://support.okta.com/help/s/question/0D54z00007fV0ZTCA0/state-value-is-not-present-in-redirectcallback-url?language=en_US
Thank you for reaching out to our Community and have a great day!
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________
Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.