Multiple /authorize requests in the same session are not supported. Why? #16336

Open
pujachowdhary27 opened this issue Dec 23, 2024 · 0 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@pujachowdhary27
Describe the bug
In a new session, when I hit /authorize requests in multiple tabs of the same browser session, I get the IDP login screen in all the tabs. After entering credentials, login to the IDP is successful, but a failure occurs in the Spring Security class OAuth2LoginAuthenticationFilter, in the attemptAuthentication method, at the following lines:

    OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
            .removeAuthorizationRequest(request, response);
    // No saved authorization request was returned for this callback
    if (authorizationRequest == null) {
        OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }

I see that this was supported in older versions of Spring Security (< 6.x), but this support was removed in 6.x versions.

To Reproduce
In a new browser session, hit /authorize requests in multiple tabs of the same browser session
Log in to the IDP in all tabs
Login is successful
Failure occurs in the Spring Security class OAuth2LoginAuthenticationFilter as stated above

Expected behavior
The code should be returned in the /authorize call of each tab.

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
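
One way to keep a pending authorization request per tab, as an added example that is not code from the reporter or from Spring Security: a custom AuthorizationRequestRepository that stores requests in the session keyed by their state value, so each callback still has to present a state that was issued to this session and each entry is consumed once. The class name, the session attribute name and the cap of 5 pending requests are assumptions made for the example.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import jakarta.servlet.http.*;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.web.util.WebUtils;

// Hypothetical class, not part of Spring Security: pending requests keyed by state, capped per session.
public final class PerStateRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
    private static final String ATTR = "example.pendingAuthorizationRequests"; // constructed attribute name
    private static final int MAX_PENDING = 5; // assumed cap so a session cannot accumulate requests without bound

    @Override
    public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
        return access(request.getSession(false), request.getParameter("state"), null, false);
    }

    @Override
    public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest,
            HttpServletRequest request, HttpServletResponse response) {
        access(request.getSession(), authorizationRequest.getState(), authorizationRequest, false);
    }

    @Override
    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
        return access(request.getSession(false), request.getParameter("state"), null, true);
    }

    @SuppressWarnings("unchecked")
    private static OAuth2AuthorizationRequest access(HttpSession session, String state,
            OAuth2AuthorizationRequest toSave, boolean remove) {
        if (session == null) {
            return null;
        }
        synchronized (WebUtils.getSessionMutex(session)) { // one critical section per session, so tabs cannot race
            Object stored = session.getAttribute(ATTR);
            Map<String, OAuth2AuthorizationRequest> pending = (stored != null)
                    ? new LinkedHashMap<>((Map<String, OAuth2AuthorizationRequest>) stored) : new LinkedHashMap<>();
            OAuth2AuthorizationRequest found = remove ? pending.remove(state) : pending.get(state);
            if (toSave != null) {
                pending.put(state, toSave);
            }
            if (pending.size() > MAX_PENDING) { // evict the oldest pending request (insertion order)
                pending.remove(pending.keySet().iterator().next());
            }
            session.setAttribute(ATTR, pending);
            return found;
        }
    }
}
```

An instance is registered through the oauth2Login configuration's authorizationEndpoint().authorizationRequestRepository(...) setting. A tab whose request was evicted by the cap still fails with the authorization-request-not-found error shown in the report.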
