You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Which version of Duende IdentityServer are you using?
6.2.3 Which version of .NET are you using?
6 Describe the bug
We are federating IDS with an external IDP in AWS via OIDC. In an edge case, it seems if I trigger SSO for a user, that IDP is generating a very large state parameter and it causes IDS to throw 404 error at Authorize EP. If I keep shortening the State parameter, Authorize EP eventually works. It does not look like the chrome url length limit was reached, the total length of the url including the large state parameter (2,372 chars in length) is 2,437 chars. Not an extremely crucial scenario. But would be good to know why this is happening. Thanks.
To Reproduce
-Use the Authorize EP below and substitue your ids-host, clientId, redirect_uri, etc. or just grab the state param from the url below and replace the state param generated by your client. It should produce 404 error code.
The state value you've posted is quite large, containing a significant amount of duplicated data, which is likely contributing to the issue. Browser limitations on URL length vary, but if you haven't already run into these, it's very likely to happen soon.
In particular:
The userData and userAttributes properties contain identical information.
The JWT in the unqorkAuthToken property appears to duplicate much of the same data as both userData and userAttributes.
Is this duplication a deliberate decision based on specific requirements? If not, a more efficient approach would be to store this state server-side and use a reference value, such as a GUID, in the state parameter. This will significantly reduce the size of the URL and help avoid browser and server limitations.
Which version of Duende IdentityServer are you using?
6.2.3
Which version of .NET are you using?
6
Describe the bug
We are federating IDS with an external IDP in AWS via OIDC. In an edge case, it seems if I trigger SSO for a user, that IDP is generating a very large state parameter and it causes IDS to throw 404 error at Authorize EP. If I keep shortening the State parameter, Authorize EP eventually works. It does not look like the chrome url length limit was reached, the total length of the url including the large state parameter (2,372 chars in length) is 2,437 chars. Not an extremely crucial scenario. But would be good to know why this is happening. Thanks.
To Reproduce
-Use the Authorize EP below and substitue your ids-host, clientId, redirect_uri, etc. or just grab the state param from the url below and replace the state param generated by your client. It should produce 404 error code.
https:///connect/authorize
?client_id=
&scope=openid%20profile
&response_type=code
&redirect_uri=
&state=eyJkZXN0aW5hdGlvbiI6IiMvZGlzcGxheS8xMjMiLCJzc29OYW1lIjoidG1uYXNleHByZXNzIiwiaXNQcmV2aWV3Ijp0cnVlLCJkb21haW4iOiJleHByZXNzIiwiY29udGV4dCI6eyJ1bnFvcmtBdXRoVG9rZW4iOiJleUpoYkdjaU9pSlNVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKMWMyVnlJanA3SWw5cFpDSTZJakprWTJNNE1tRmtMVFJpTlRZdE5HWmpaUzA0WVdaakxXSm1OelF3TkdVM1pESmtaU0lzSW1GMWRHaE5aWFJvYjJRaU9pSnZhV1JqSWl3aVlYVjBhRTFsZEdodlpFUmxkR0ZwYkhNaU9uc2liM0FpT2lKMGJXNWhjMlY0Y0hKbGMzTWlmU3dpYVhBaU9pSTNOUzR5TVRrdU16UXVNVFlpTENKcGMwUmxjMmxuYm1WeVZYTmxjaUk2Wm1Gc2MyVXNJbk5sYzNOcGIyNUpaQ0k2SW1SaU1qRmhOREJrTFdJellqa3RORE5rTnkxaE5XVTBMV1ZqWWpVM1pqSmpPRE0xWkNJc0luSmxabkpsYzJoRmVIQWlPakUzTWpZNU1qZzJPVGMyTlRNc0lsOWpjM0ptSWpvaWJIRXlNUzB6TkhZNVoxWjRRbFJWYVVjdE56QlZXV0pGSWl3aVpYaHdJam94TnpJMk9EVTJOekF3ZlN3aVpYaHdJam94TnpJMk9EVTJOekF3TENKcFlYUWlPakUzTWpZNE5ESXpNREI5LnFPLVJRX3Fnemh3Vml3dXBOTWlRUEZ0LUtEUE1pRDlpM3VfS1JrcVV0bXUwUXlBdHY0WHphYkhCV3V5Z0hrYUM1Z24zVnVBd3BOX3pKV092MEN2dUZobEZJSlJ1dWYtZ3JQOUNFVFJ2dVZLandIZ1N2UmRLbEtwOEFlMG5EUExJZS1JMmZybUhQR0F6NEx0Z0R4dmd3SUZJajZ6TEZodGVtWFJiVU1hV2pBaWppZFJSb0lZZ1hDX283ZDVpRXFKY09mZWNSYTVSOEVvYmVZUzZqdWhZRE03WGpSUTJ2NzVyc1F1R2hXZ2txLUZibWlGbWZrV0RxRVhoYTl6ZkFhbmw2UGlNWGItNkRMTXdKaGlJSVpCWXNkUjNOYnNnVk5zc0ZrR3htUkxBdnRkX2dCMW1QS0xkVm5tX0x1aEx6ZUhDQjFfaTRLSlNrRGVjelJjdlM3TlNTZyIsInVzZXJEYXRhIjp7InVzZXIiOnsiX2lkIjoiMmRjYzgyYWQtNGI1Ni00ZmNlLThhZmMtYmY3NDA0ZTdkMmRlIiwiYXV0aE1ldGhvZCI6Im9pZGMiLCJhdXRoTWV0aG9kRGV0YWlscyI6eyJvcCI6InRtbmFzZXhwcmVzcyJ9LCJpcCI6Ijc1LjIxOS4zNC4xNiIsImlzRGVzaWduZXJVc2VyIjpmYWxzZSwic2Vzc2lvbklkIjoiZGIyMWE0MGQtYjNiOS00M2Q3LWE1ZTQtZWNiNTdmMmM4MzVkIiwicmVmcmVzaEV4cCI6MTcyNjkyODY5NzY1MywiX2NzcmYiOiJscTIxLTM0djlnVnhCVFVpRy03MFVZYkUiLCJleHAiOjE3MjY4NTY3MDB9fSwidXNlckF0dHJpYnV0ZXMiOnsiYXV0aFVzZXIiOnsiX2lkIjoiMmRjYzgyYWQtNGI1Ni00ZmNlLThhZmMtYmY3NDA0ZTdkMmRlIiwiYXV0aE1ldGhvZCI6Im9pZGMiLCJhdXRoTWV0aG9kRGV0YWlscyI6eyJvcCI6InRtbmFzZXhwcmVzcyJ9LCJpcCI6Ijc1LjIxOS4zNC4xNiIsImlzRGVzaWduZXJVc2VyIjpmYWxzZSwic2Vzc2lvbklkIjoiZGIyMWE0MGQtYjNiOS00M2Q3LWE1ZTQtZWNiNTdmMmM4MzVkIiwicmVmcmVzaEV4cCI6MTcyNjkyODY5NzY1MywiX2NzcmYiOiJscTIxLTM0djlnVnhCVFVpRy03MFVZYkUiLCJleHAiOjE3MjY4NTY3MDB9fX19
Expected behavior
Authorize EP should function as normal.
Log output/exception with stacktrace
NA
Additional context
NA
The text was updated successfully, but these errors were encountered: