issue with httponly cookies (state-mismatch) #6294
-
I'm trying to use outline (docker) with a cloudflare tunnel and Azure. Looking at the cookies, the state is set, it's set for the correct public domain, and azure properly sends it back. Edit: seems like I may have misunderstood the meaning of the |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
I'm not sure, sounds like you covered all the bases to be honest – but state mismatch means that the state value returned from Azure is not the same as the one that the server can access from the cookie. Why is Cloudflare tunnel needed? |
Beta Was this translation helpful? Give feedback.
-
When I click the "Login with Microsoft", I go to
The response is a 302 redirect to Once I log in there is a call to That call to So for some reason when the callback is called, containing the state variable, the cookie gets cleared and it redirects to |
Beta Was this translation helpful? Give feedback.
-
Uhg, I copied the "Secret ID" instead of the value. I saw "secret" and assumed it was the actual secret, but the "value" is the actual secret. Edit: I should add that I think part of the issue may have been the server time was off meaning the cookie was expired as soon as it was written (?). In any case it works now. Side note, the docs on this page https://docs.getoutline.com/s/hosting/doc/microsoft-azure-UVz6jsIOcv are slightly out of date as Active Directory is now called Entra ID |
Beta Was this translation helpful? Give feedback.
Uhg, I copied the "Secret ID" instead of the value. I saw "secret" and assumed it was the actual secret, but the "value" is the actual secret.
Edit: I should add that I think part of the issue may have been the server time was off meaning the cookie was expired as soon as it was written (?). In any case it works now.
Side note, the docs on this page https://docs.getoutline.com/s/hosting/doc/microsoft-azure-UVz6jsIOcv are slightly out of date as Active Directory is now called Entra ID