Access forbidden State token does not match #1284
Comments
Same problem here. It appeared after installing NC on a local domain and trying to transfer it to a public domain. |
I have the same problem as well. The web app works just fine, but the Windows and Android apps have problems. Interestingly enough, when I log on using the old method on the Android app, it works fine. |
I have this problem too. Nextcloud is running on a back-end server using Nginx. HTTPS requests are forwarded from the client to the back-end server using proxy_pass. I have copied all my Let's Encrypt certs over to the back-end server with paths to them in my server block and the web login works fine. But with the Nextcloud Desktop Client installed on Windows 10, when I try to log in I get a message saying the certificate does not match, to which I apply connect anyway. This then takes me to the login screen, and upon entering my username and password I get “Access denied State token does not match”. Web app works fine. |
Same here, deployed Nextcloud on Docker following the guides, reverse-proxied by nginx with SSL certs, and set up a public domain. I noticed that I get the forbidden message when I use the public domain address but not when I use the machine IP. EDIT: |
Hi Guys, |
Same issue here! :( |
Hi, I have the same problem! |
Same problem here. I have a workaround, though. Use the facility to copy the link to your clipboard. Log in to something that has a cellphone as an endpoint (I used Telegram). Send the link to yourself (in the case of Telegram, you can send the link to a system bot). Open the link on your phone, and log in. This seems to be fairly convincing evidence that the problem is not on the server at all, but in the desktop web browser. WHY it is the problem is another matter. |
Thanks! This solved it for me! Putting these headers at the
|
What exactly must I put? And in which file? Thanks |
@sferia82 In your nginx config file. In my case I used an nginx-proxy Docker container. The file is /config/nginx/site-confs/default. Then in there, where you declare your forward location, you put the headers. For example, yours could currently look like this:
Then copy/paste these exact headers exactly like this and put them under the proxy_pass statement exactly like this:
Hope this helps. |
how about Apache 2.4 (httpd.conf) then? |
Looks more like a server setup issue, nothing we can really do on our end. Sorry. |
I am still facing the issue. How do we fix it in httpd.conf? |
Only need to add this line in the configuration file config.php
|
It's still not working for me either. I have edited my Nginx conf and have made sure that |
It works! Just follow the instructions from @xnardo |
Maybe you need to add this in the correct position; I added this in the last line, before ";" |
Thank you for all the suggestions. We are having this issue with our ADFS configuration using SAML. The web app works, but all mobile apps (Nextcloud and Nextcloud Talk) and desktop are not working. We get the same error, access forbidden state token does not match, currently in Nextcloud 19.0.1. Funny enough, it seems that it was working in Nextcloud 18. Have tried the |
We had previously set up SAML2 authentication against Microsoft's AAD. I've tried different setups with NGINX as a proxy, but in the end not one of the proposed solutions helped. Desktop and Web Logins both work without issues. As a workaround: me and a coworker were still able to log in with a manually generated app-token. (via https://your.nextcloud-instance.tld/settings/user/security) |
We're facing exactly the same problem with SAML2 against Microsoft's AAD since we upgraded Nextcloud to version 19. |
The thing is, I don't think that the authentication failed, I've tried this once and just clicked the 'back' button on the android app until the point where I was expecting the login-flow to start and ended up just being logged in. |
I resolved this problem!! Thx |
To throw my 2p in here, I was having this issue on macOS and nothing here resolved it. In the end my configuration turned out to be fine, it was the Brave browser causing some sort of issue (even with protections turned off). I used the "copy link" option in the desktop client, pasted it into Safari and it worked immediately. |
Same problem here. I set up Nextcloud with Docker and when trying to log in to the Talk App on iOS I get the error "State token does not match". @xnardo's solution doesn't make it work :( |
I just ran into this myself. For me it was caused by "fixing" another problem.
So I commented out the 2 lines below in my /etc/nginx/conf.d/nextcloud.conf based on another thread I was looking at.
This got rid of the webfinger and nodeinfo messages in my overview, but I could no longer log into the app on my iOS device. I un-commented those lines and the mobile apps work again. I admittedly don't know enough of what's happening here to really understand the problem; I just set up Nextcloud for the first time ever today.... but hopefully this helps someone. |
Still/Again an issue when trying to log in for the first time on iPadOS to the official Nextcloud app. After providing the 2nd factor (e. g. OTP received via E-Mail) this message is shown. Only workaround: Using alternative login method using an app token created before. Probably a current issue in the Nextcloud iOS app. |
Had the exact same issue on Windows 11 when using Brave 1.56.11. What fixed it was to copy the link and open it in a private window. No idea why, but it simply worked. Nextcloud 26.0.2 |
This is probably due to old/stale cookies interfering. Sometimes when going to the Files section on the web UI, Nextcloud goes into a reload loop. Removing all cookies solves this issue. The same also works for this state token issue. |
I am not sure if this may have something to do with running Nextcloud inside a Docker container? But if this is indeed due to expired cookies, then I wonder why Nextcloud does not recover from it transparently? It is also quite strange that the Desktop app seemingly cannot handle the login process internally, and instead we are forced to open a browser window. That's a very unusual and bad way of designing a login imo. I have to close down my browser window and try again, but then the second attempt is successful. However, I'd really expect the Desktop app to stay logged in once a token is obtained. For me, if I close the app, it loses the authentication for some reason. Currently I am using KDE Desktop, and I had to disable KDE Wallet temporarily to solve another unrelated problem, and that was when I noticed something was wrong with the authentication process. The problem seems both to involve staying logged in after closing the app, and re-authenticating after reopening the app. |
server version: 16.0.1
client version: 2.5.2
When I use the client to log in, it shows "Access forbidden State token does not match".