Description:
We are using Rocket.Chat as an OAuth server for Wiki.js.
Authorization broke after updating Rocket.Chat to 6.3.6
Steps to reproduce:
- Add Rocket.Chat authentication to Wiki.js
- Add new OAuth Application in Rocket.Chat->Administration->OAuth Applications
- Try to authenticate in Wiki.js with Rocket.Chat
Expected behavior:
- Press auth with Rocket.Chat in Wiki.js
- Select auth profile in Rocket.Chat
- Redirect to Wiki.js
Actual behavior:
- Press auth with Rocket.Chat in Wiki.js
- Select auth profile in Rocket.Chat
- Get an error 400
request
https://[rc]/oauth/authorize?response_type=code&redirect_uri=[redirect_uri]&scope=openid%20profile%20email&client_id=[client_id]
returns 400
{"error":"invalid_request","error_description":"Missing parameter: `state`"}
Server Setup Information:
- Version of Rocket.Chat Server: 6.3.6
- Operating System: debian
- Deployment Method: docker
- Number of Running Instances: 1
- DB Replicaset Oplog: enabled
- NodeJS Version: v14.21.3
- MongoDB Version: 6.0.9 / wiredTiger
Additional context
It looks like after the update the 'state' property became mandatory, while it should be optional. When any state value (&state=1 as example) is appended to the url, authorization is successful.
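The following is an added example, not part of the report and not Wiki.js or Rocket.Chat code. It shows an OAuth client that always sends an unguessable `state` on the authorize request from the report and checks it on the callback, which is the CSRF protection the parameter provides (RFC 6749, section 10.12); the function names, the `session` object and the `.example` hosts are assumptions.

```javascript
// Added example: hypothetical helper names, not Wiki.js or Rocket.Chat code.
const nodeCrypto = require('crypto');

// Build the /oauth/authorize request with a random, per-login state value.
// `session` stands in for server-side, per-browser session storage (assumption).
function buildAuthorizeUrl(authorizeEndpoint, clientId, redirectUri, session) {
  const state = nodeCrypto.randomBytes(32).toString('base64url');
  session.oauthState = state; // bind the value to this browser session
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid profile email',
    state,
  }).toString();
  return url.toString();
}

// Check the redirect back from the authorization server before the code is
// exchanged for tokens. The stored state is single use: it is cleared on the
// first callback, so a replayed or attacker-initiated callback is rejected.
function verifyCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  const expected = session.oauthState;
  delete session.oauthState;
  const received = params.get('state');
  if (!expected || !received) return { ok: false, reason: 'missing_state' };
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (a.length !== b.length || !nodeCrypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state_mismatch' };
  }
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code' };
  return { ok: true, code };
}

// Constructed sample run with placeholder hosts and client id.
const demoSession = {};
const demoUrl = buildAuthorizeUrl(
  'https://rc.example/oauth/authorize', 'demo-client',
  'https://wiki.example/login/callback', demoSession);
console.log(demoUrl);
```

A fixed value such as `state=1` gets past the server's parameter check but gives no CSRF protection, because the client cannot tell its own login attempt from one an attacker started.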