loud-keyboard-84117
02/19/2022, 3:40 PM
AuthorizationError: The state is missing or does not have enough characters and is therefore considered too weak. Request parameter 'state' must be at least be 8 characters long to ensure sufficient entropy.
For ref: I'm using this library for creating a client: https://www.passportjs.org/packages/passport-oauth2/
app.get(
  "/auth/hydra",
  // passport.authenticate(strategy, options): failureRedirect goes in the
  // options object; a third argument is treated as a callback function.
  passport.authenticate("oauth2", {
    scope: ["openid", "offline", "photos.read"],
    state: "i'venoideawhathismeans",
    failureRedirect: "/error",
  })
);
magnificent-energy-493
The state parameter is used to protect against XSRF.
Your application generates a random string and sends it to the authorization server using the state parameter. The authorization server sends back the state parameter. If both states are the same => OK. If the state parameters are different, someone else has initiated the request. Does that make it clearer?
loud-keyboard-84117
02/22/2022, 7:39 PM magnificent-energy-493
loud-keyboard-84117
02/22/2022, 8:45 PM magnificent-energy-493
freezing-action-3915
05/14/2022, 4:50 AM
openid-client (instead of passport-oauth2) to work better with passport to connect to hydra.
loud-keyboard-84117
05/16/2022, 9:04 PM
state:true value.
Did you get any issue with state using openid-client?
I'll try openid-client this weekend.
freezing-action-3915
05/16/2022, 9:53 PM
loud-keyboard-84117
05/17/2022, 3:27 AM