Authorizing with GitHub OAuth2 returns "The oauth state was missing or invalid" #1199
Comments
So I cloned the repo, checked out tag v4,0,1 and added my own project to the Solution, referencing Swashbuckle as a Project Dependency and managed to get some additional stacktrace information:
Adding a breakpoint to the method allowed me to see that there might be an InvalidOperationException regarding the Session.
Hey @rodolphocastro, I am facing the same issue.
Hey @ivanpaulovich, I haven't gotten around to working on this again, however I'll try to reproduce it on .net Core 3.1. I think the issue might be related to using the
Hey @ivanpaulovich, I've made some progress into this. Using .net core 3.1 and the latest versions of swashbuckle I've run into a different issue, which is actually a problem on GitHub's CORS policy! Those were my steps:
So, in the end, this doesn't seem like an issue with Swashbuckle itself but a misconfiguration on my first attempt and GitHub's lack of CORS support on the token endpoint. @domaindrivendev I don't think there's anything to be done about the CORS issue from Swashbuckle's side, mind if I close this issue?
Env Details
Reproduction Steps
Create or use an existing GitHub OAuth App on GitHub's Developer Settings, then:
Startup.ConfigureServices set up the following:
  a. Add.Mvc
  b. Add.Authentication with AddCookie and (AddGitHub OR .AddOAuth)
  c. AddSwaggerGen with SwaggerDoc and AddSecurityDefinition for an OAuth2Scheme with Type = "oauth2", Flow = "accessCode", AuthorizationUrl = "https://github.com/login/oauth/authorize", TokenUrl = "https://github.com/login/oauth/access_token"
Startup.Configure use the following:
  a. UseCors
  b. UseDeveloperExceptionPage
  c. UseHttpsRedirection
  d. UseSwagger
  e. UseSwaggerUI with the following parameters:
Some more information
I made a branch just to keep the exact version that gives out the exception, on this GitHub repo
I've tested out the other actions on the API and Signout via the auth/signin|out route works just fine, so I'm not sure if this is a bug with Swashbuckle's Swagger or SwaggerUI, since both show up on the Stacktrace. (Although I don't rule out it being a bug on my part too, but I've been trying to get it fixed for 3 days now and someone else's insight would be greatly appreciated!)
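The error in this issue's title is the message ASP.NET Core's OAuth handler returns when the `state` on the callback cannot be read back as state the application itself issued. The sketch below is an added example, not code from this thread, Swashbuckle or ASP.NET Core: it uses a constructed HMAC scheme and hypothetical names (`OAuthStateDemo`, `IssueState`, `ValidateState`) to show the issue-then-validate check and the callback cases it rejects.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Illustration only: ASP.NET Core protects state with Data Protection,
// not with the HMAC construction assumed here.
static class OAuthStateDemo
{
    // Hypothetical per-application key; a real app loads it from protected storage.
    static readonly byte[] Key = NewRandom(32);

    static byte[] NewRandom(int n)
    {
        var b = new byte[n];
        RandomNumberGenerator.Fill(b);
        return b;
    }

    static string Sign(string correlationId)
    {
        using (var h = new HMACSHA256(Key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(correlationId)));
    }

    // Challenge step: returns the state sent to the authorization endpoint and
    // outputs the correlation id that would be stored in a browser cookie.
    public static string IssueState(out string correlationCookie)
    {
        correlationCookie = Convert.ToBase64String(NewRandom(16));
        return correlationCookie + "." + Sign(correlationCookie);
    }

    // Callback step: accept only state this application issued for this browser.
    public static bool ValidateState(string state, string correlationCookie)
    {
        if (string.IsNullOrEmpty(state) || string.IsNullOrEmpty(correlationCookie)) return false;
        int dot = state.LastIndexOf('.');
        if (dot <= 0) return false;
        string id = state.Substring(0, dot), mac = state.Substring(dot + 1);
        byte[] expected = Encoding.UTF8.GetBytes(Sign(id));
        byte[] actual = Encoding.UTF8.GetBytes(mac);
        return CryptographicOperations.FixedTimeEquals(expected, actual) && id == correlationCookie;
    }

    static void Main()
    {
        string state = IssueState(out string cookie);
        IssueState(out string otherCookie); // constructed second browser session
        Console.WriteLine("issued state, same session: " + ValidateState(state, cookie));
        Console.WriteLine("state missing on callback:  " + ValidateState(null, cookie));
        Console.WriteLine("state the app never issued: " + ValidateState("c3RhdGU=", cookie));
        Console.WriteLine("state from another session: " + ValidateState(state, otherCookie));
    }
}
```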