Error: state mismatch
at Client.authorizationCallback (/var/www/html/node_modules/openid-client/lib/client.js:309:29)
at OpenIDConnectStrategy.authenticate (/var/www/html/node_modules/openid-client/lib/passport_strategy.js:137:27)
at attempt (/var/www/html/node_modules/passport/lib/middleware/authenticate.js:361:16)
at authenticate (/var/www/html/node_modules/passport/lib/middleware/authenticate.js:362:7)
at Layer.handle [as handle_request] (/var/www/html/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/var/www/html/node_modules/express/lib/router/index.js:317:13)
at /var/www/html/node_modules/express/lib/router/index.js:284:7
at Function.process_params (/var/www/html/node_modules/express/lib/router/index.js:335:12)
at next (/var/www/html/node_modules/express/lib/router/index.js:275:10)
at Layer.handle [as handle_request] (/var/www/html/node_modules/express/lib/router/layer.js:91:12)
at trim_prefix (/var/www/html/node_modules/express/lib/router/index.js:317:13)
at /var/www/html/node_modules/express/lib/router/index.js:284:7
at Function.process_params (/var/www/html/node_modules/express/lib/router/index.js:335:12)
at next (/var/www/html/node_modules/express/lib/router/index.js:275:10)
at SessionStrategy.strategy.pass (/var/www/html/node_modules/passport/lib/middleware/authenticate.js:338:9)
at SessionStrategy.authenticate (/var/www/html/node_modules/passport/lib/strategies/session.js:75:10)
at attempt (/var/www/html/node_modules/passport/lib/middleware/authenticate.js:361:16)
at authenticate (/var/www/html/node_modules/passport/lib/middleware/authenticate.js:362:7)
at Layer.handle [as handle_request] (/var/www/html/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/var/www/html/node_modules/express/lib/router/index.js:317:13)
at /var/www/html/node_modules/express/lib/router/index.js:284:7
at Function.process_params (/var/www/html/node_modules/express/lib/router/index.js:335:12)
user-service_1 | user-servi | [2017-12-19T15:29:32.333] [INFO] default - ==== USER SERVICE ====
user-service_1 | user-servi | [2017-12-19T15:29:32.336] [INFO] default - BEGINNING USER SERVICE
user-service_1 | user-servi | [2017-12-19T15:29:32.344] [INFO] default - REGISTERING REDIS TO DI
user-service_1 | user-servi | [2017-12-19T15:29:32.345] [INFO] default - REGISTRATION DONE.
user-service_1 | user-servi | [2017-12-19T15:29:32.489] [INFO] default - REGISTERING SERVICES TO DI
user-service_1 | user-servi | NOTICE: a draft/experimental feature (sessionManagement) enabled, future updates to this feature will be released as MINOR releases
user-service_1 | user-servi | [2017-12-19T15:29:32.517] [INFO] default - REGISTRATION DONE.
user-service_1 | user-servi | [2017-12-19T15:29:32.517] [INFO] default - STARTING SERVER...
user-service_1 | user-servi | [2017-12-19T15:29:32.669] [INFO] default - SERVER STARTED AT PORT: 3000
user-service_1 | user-servi | 2017-12-19T15:30:06.470Z oidc-provider:authentication:accepted uuid=144baad5-2a9b-4977-b21c-f0ad050ff7ad Params { acr_values: undefined, claims: undefined, claims_locales: undefined, client_id: 'zELcpfANLqY7Oqas', code_challenge: undefined, code_challenge_method: undefined, display: undefined, id_token_hint: undefined, login_hint: undefined, max_age: undefined, nonce: undefined, prompt: undefined, redirect_uri: 'https://docker.for.mac.localhost/auth/cb', registration: undefined, request: undefined, request_uri: undefined, response_mode: 'query', response_type: 'code', scope: 'openid email', state: '7f31cd25-377f-4cc1-8f41-e9578052702f', ui_locales: undefined }
user-service_1 | user-servi | 2017-12-19T15:30:06.475Z oidc-provider:authentication:interrupted uuid=144baad5-2a9b-4977-b21c-f0ad050ff7ad interaction={ error: 'login_required', error_description: 'End-User authentication is required', reason: 'no_session', reason_description: 'Please Sign-in to continue.' }
user-service_1 | user-servi | [2017-12-19T15:30:06.501] [INFO] default - see what else is available to you for interaction views Session {
user-service_1 | user-servi | returnTo: 'https://docker.for.mac.localhost:81/oidc/auth/144baad5-2a9b-4977-b21c-f0ad050ff7ad',
user-service_1 | user-servi | interaction:
user-service_1 | user-servi | { error: 'login_required',
user-service_1 | user-servi | error_description: 'End-User authentication is required',
user-service_1 | user-servi | reason: 'no_session',
user-service_1 | user-servi | reason_description: 'Please Sign-in to continue.' },
user-service_1 | user-servi | uuid: '144baad5-2a9b-4977-b21c-f0ad050ff7ad',
user-service_1 | user-servi | params:
user-service_1 | user-servi | { client_id: 'zELcpfANLqY7Oqas',
user-service_1 | user-servi | redirect_uri: 'https://docker.for.mac.localhost/auth/cb',
user-service_1 | user-servi | response_mode: 'query',
user-service_1 | user-servi | response_type: 'code',
user-service_1 | user-servi | scope: 'openid email',
user-service_1 | user-servi | state: '7f31cd25-377f-4cc1-8f41-e9578052702f' },
user-service_1 | user-servi | id: '144baad5-2a9b-4977-b21c-f0ad050ff7ad' }
user-service_1 | user-servi | 2017-12-19T15:30:24.084Z oidc-provider:authentication:resumed uuid=144baad5-2a9b-4977-b21c-f0ad050ff7ad { login: { account: '5a37ed54852e8d0044de7336', acr: '1', remember: true, ts: 1513697424 }, consent: { scope: 'openid email' } }
user-service_1 | user-servi | NOTICE: default helper interactionCheck called, you should probably change it in order to to define the policy for requiring End-User interactions.
user-service_1 | user-servi | 2017-12-19T15:30:24.092Z oidc-provider:authentication:success uuid=144baad5-2a9b-4977-b21c-f0ad050ff7ad { code: 'OWNiMjEwOGYtNmZjMy00ZGQzLTkxNzgtODBmYTAyYTEzN2Y5_8g2B8_NsKHh5mBRdKge6xYGJfvDCS70KFI97jI1TBLJ7Sk0gWvVXOFpCFux_4I2v9DlFePu8DtCv_XplvVnkA', state: '7f31cd25-377f-4cc1-8f41-e9578052702f', session_state: '349c1feee28805f640427f0bfeabf073e3102518ecdf8bef1664977ccbd6c8e7.6f931315a4e555e7' }
I don't know what the issue is here, or what is being compared. I am using a self-signed certificate for development, and there are two services in my system: api-gateway, which acts as the gateway and proxy, and user-service, which is my authorization service. I have enabled Express session in api-gateway with the cookie's secure option set to true:
// Session middleware configuration for the api-gateway.
//
// NOTE(review): the stack trace on this page shows the "state mismatch" thrown
// from openid-client's passport strategy, which presumably keeps the `state`
// it generated in this session until the callback arrives. If the session
// cookie is never set or never sent back, that saved value is missing on the
// callback and the comparison fails. Confirm by checking whether the browser
// actually receives and returns the session cookie.
const gatewaySessionOptions = {
  // Key used to sign the session ID cookie. 'keyboard cat' is the placeholder
  // from the express-session README, so the signature gives no protection
  // outside local development. Load a long random value from configuration
  // or the environment before deploying.
  secret: 'keyboard cat',

  // Do not write the session back to the store when it was not modified.
  resave: false,

  // Persist a session (and issue a cookie) even for requests that never
  // touched it, so every visitor gets a session.
  saveUninitialized: true,

  // secure: true marks the cookie HTTPS-only. express-session also declines
  // to set it when Express does not consider the request secure. If TLS is
  // terminated in front of this app, Express has to be told to trust the
  // proxy's X-Forwarded-Proto header (e.g. `app.set('trust proxy', 1)`),
  // otherwise no session cookie is issued. TODO confirm how TLS reaches this
  // service in the docker setup.
  cookie: { secure: true },
};

app.use(session(gatewaySessionOptions));