Bug description
The ‘state’ parameter is not appended to the request URL when requesting oauth authorization from the developer portal even though “Support state parameter” is selected in the OAuth configuration.
Okta oauth requires the ‘state’ parameter.
This is the request URL sent from the Developer Portal:
https://.okta.com/oauth2/aus3d28cn6UPLknbA417/v1/authorize?response_type=code&client_id=&code_challenge_method=S256&code_challenge=owcExgqifVaRmsv6TUngu9LFuw7qN4FOTu9VHScKIA4&redirect_uri=https://-azapiman.developer.azure-api.net/signin-oauth/code-pkce/callback/okta&scope=openid+profile+email+offline_access
Okta response payload
error: invalid_request
error_description: The authentication request has an invalid 'state' parameter.
Reproduction steps
1. Set up APIM with any API.
2. Add a new OAuth 2.0 configuration.
3. Complete the configuration setup and make sure to tick "Support state parameter".
4. Go to the API settings and select your new OAuth configuration as the authorization method.
5. Publish your Developer Portal.
6. Browse to your API details page in the Developer Portal and select the authorization combo option.
7. If configured correctly, you should see an authorization popup.
8. Investigate that URL.
Expected behavior
The ‘state’ parameter should be appended as a query parameter
'&state=state'
https://.okta.com/oauth2/aus3d28cn6UPLknbA417/v1/authorize?response_type=code&client_id=&code_challenge_method=S256&code_challenge=owcExgqifVaRmsv6TUngu9LFuw7qN4FOTu9VHScKIA4&redirect_uri=https://-azapiman.developer.azure-api.net/signin-oauth/code-pkce/callback/okta&scope=openid+profile+email+offline_access&state=state
Additional context
Related bug #208
Confirmed as a bug by Microsoft support on my original ticket https://learn.microsoft.com/en-us/answers/questions/1376198/how-to-set-state-parameter-for-api-developer-porta
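For the expected behavior described above, here is an added example (not code from the Developer Portal, APIM or the reporter) of how a client builds the PKCE authorization request with a random state value and then checks that value on the callback, which is what the state parameter is for. The Okta domain, authorization server id, client id and redirect URI are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values (constructed); real ones come from the Okta tenant and the APIM config.
AUTHORIZE_ENDPOINT = "https://example.okta.com/oauth2/AUTH_SERVER_ID/v1/authorize"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://example.developer.azure-api.net/signin-oauth/code-pkce/callback/okta"
SCOPES = "openid profile email offline_access"


def code_challenge_for(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(state: str, code_challenge: str) -> str:
    """Authorization request as the portal should send it: state is always included."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPES,
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def start_authorization() -> tuple[str, str, str]:
    """Return (url, state, code_verifier); state and verifier are kept server side per session."""
    state = secrets.token_urlsafe(32)
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return build_authorize_url(state, code_challenge_for(verifier)), state, verifier


def state_matches(callback_url: str, expected_state: str) -> bool:
    """Callback check: reject a redirect whose state is missing or differs from the stored one."""
    query = parse_qs(urlparse(callback_url).query)
    received = query.get("state", [None])[0]
    return received is not None and secrets.compare_digest(received, expected_state)
```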