You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
In a new session when hit /authorize requests in multiple tabs of the same browser session, I get IDP login screen in both all the tabs. After entering credentials, I login to IDP is successful, but failure occurs at spring security class OAuth2LoginAuthenticationFilter in attemptAuthentication method along the following lines -
Auth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
.removeAuthorizationRequest(request, response);
if (authorizationRequest == null) {
OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
I see that this was supported in older versions of spring security (< 6.x) but this support was removed in 6.x versions
To Reproduce
In a new browser session when hit /authorize requests in multiple tabs of the same browser session
Login to IDP in all tabs
Login is successful
Failure occurs at spring security class OAuth2LoginAuthenticationFilter as stated above
Expected behavior
code should be returned in the /authorize call of each tab
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
The text was updated successfully, but these errors were encountered:
Describe the bug
In a new session when hit /authorize requests in multiple tabs of the same browser session, I get IDP login screen in both all the tabs. After entering credentials, I login to IDP is successful, but failure occurs at spring security class OAuth2LoginAuthenticationFilter in attemptAuthentication method along the following lines -
Auth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository
.removeAuthorizationRequest(request, response);
if (authorizationRequest == null) {
OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
I see that this was supported in older versions of spring security (< 6.x) but this support was removed in 6.x versions
To Reproduce
In a new browser session when hit /authorize requests in multiple tabs of the same browser session
Login to IDP in all tabs
Login is successful
Failure occurs at spring security class OAuth2LoginAuthenticationFilter as stated above
Expected behavior
code should be returned in the /authorize call of each tab
Sample
A link to a GitHub repository with a minimal, reproducible sample.
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
The text was updated successfully, but these errors were encountered: