While working on testing #19318, I discovered that at least one OIDC provider (MSFT ADFS) returns errors in an `error` query parameter of the callback URL. This results in a URL like the following:

```
http://localhost:4649/oidc/callback?error=invalid_resource&error_description=MSIS9602%3a+The+received+%27resource%27+parameter+is+invalid.+The+authorization+server+can+not+find+a+registered+resource+with+the+specified+identifier.&state=st_h3QSSe5YSaai7JZydqqk&client-request-id=6497f86e-a844-4304-4300-0080030000f0
```

The embedded page doesn't display this to the user in any obvious way, so we end up getting a "success" login page and then the subsequent request to complete the workflow gets an error like:

I took a quick look at this and it looks like we need to check for an `error` query parameter in the `ServerHTTP` function and then optionally see if an `error_description` is included. If this is present, we could write an error response and display an error page with the detail found.
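A sketch of the check proposed in the issue, added here as an example and not taken from the project's code: the `callbackHandler` type, the `errorPage` template, the 400 status and the `demo` helper are all assumptions. Because `error` and `error_description` arrive in a URL that anyone can craft, the page is rendered through `html/template` so the values are escaped rather than reflected as markup.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
)

// errorPage is a hypothetical template. html/template escapes the values,
// which come straight from the callback URL and are not trusted.
var errorPage = template.Must(template.New("err").Parse(
	`<html><body><h1>Login failed</h1><p>Error: {{.Code}}</p>{{if .Description}}<p>{{.Description}}</p>{{end}}</body></html>`))

// callbackError reads the OAuth 2.0 error parameters from the callback URL.
// ok is true only when the provider sent an "error" parameter.
func callbackError(r *http.Request) (code, desc string, ok bool) {
	q := r.URL.Query()
	code = q.Get("error")
	return code, q.Get("error_description"), code != ""
}

// callbackHandler wraps the normal success path (assumed to exist elsewhere).
type callbackHandler struct{ success http.Handler }

func (h callbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if code, desc, ok := callbackError(r); ok {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.WriteHeader(http.StatusBadRequest)
		_ = errorPage.Execute(w, struct{ Code, Description string }{code, desc})
		return // never fall through to the "success" page
	}
	h.success.ServeHTTP(w, r)
}

// demo sends one callback request with the given raw query through the handler.
func demo(rawQuery string) (int, string) {
	h := callbackHandler{success: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "success")
	})}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/oidc/callback?"+rawQuery, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	// Constructed sample query, shortened from the shape shown in the issue.
	code, body := demo("error=invalid_resource&error_description=MSIS9602%3a+bad+resource&state=st_x")
	fmt.Println(code, body)
}
```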