```
$ curl -X POST http://localhost:9080/sso
{"code":200,"msg":"Ok","data":"http://localhost:4444/oauth2/auth?client_id=trino_client_id&response_type=code&redirect_uri=http://localhost:9080/oidc/callback&scope=openid"}
```
`state` should be included in the OAuth request redirect.
It is required by the spec and some OAuth providers reject the request if the `state` field is missing.
For example, Hydra returns the following error: The state is missing or does not have enough characters and is therefore considered too weak. Request parameter "state" must be at least be 8 characters long to ensure sufficient entropy.
Things that are missing: `nonce` and `state` during authentication.

I think what I'm going to do is reimplement the OIDC login using an OAuth library (nimbusds).
Ref:
trino-gateway/gateway-ha/src/main/java/io/trino/gateway/ha/security/LbOAuthManager.java
Line 119 in 53ec04b
Ref:
Implementation in Trino:
https://github.com/trinodb/trino/blob/ae789c04f5995dcd87efe6b5e1862521c2ad6957/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Service.java#L151
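
An added example, not code from trino-gateway or Trino: a JDK-only sketch of the redirect shown in the curl output with `state` and `nonce` appended, plus the check the callback handler would apply to the returned `state`. The class and method names are hypothetical, and it uses plain string building rather than the nimbusds library mentioned above.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example; OidcStateExample and its methods are hypothetical names.
public class OidcStateExample {
    private static final SecureRandom RANDOM = new SecureRandom();
    // 32 random bytes encode to 43 URL-safe characters, above Hydra's 8-character minimum.
    static String randomToken() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    // Builds the authorization redirect from the issue, with state and nonce added.
    static String authorizationUrl(String authEndpoint, String clientId, String redirectUri,
                                   String state, String nonce) {
        return authEndpoint
                + "?client_id=" + enc(clientId)
                + "&response_type=code"
                + "&redirect_uri=" + enc(redirectUri)
                + "&scope=openid"
                + "&state=" + enc(state)
                + "&nonce=" + enc(nonce);
    }

    // Callback check: the returned state must equal the value stored for this browser session.
    static boolean stateMatches(String expected, String returned) {
        if (expected == null || returned == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    private static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) {
        String state = randomToken(); // keep server-side (session or signed cookie) until the callback
        String nonce = randomToken(); // compare with the "nonce" claim of the returned ID token
        System.out.println(authorizationUrl("http://localhost:4444/oauth2/auth", "trino_client_id",
                "http://localhost:9080/oidc/callback", state, nonce));
        System.out.println(stateMatches(state, state));         // callback carrying the issued state
        System.out.println(stateMatches(state, "other-value")); // callback carrying a different state
        System.out.println(stateMatches(state, null));          // callback with no state parameter
    }
}
```

The `state` value ties the callback to the browser session that started the login; the `nonce` ties the ID token to the same request, so both need to be stored per login attempt and discarded after one use.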