Microsoft OAuth parsing state parameter as string, but returns a hash
I'm using the Microsoft identity platform and OAuth 2.0 authorization code flow to authorize user information from Microsoft Azure. In my Ruby code I parse the state parameter to Microsoft:
config.omniauth :azure_oauth2, client_id: "xxxxxxxxxxxx", client_secret: "xxxxxxxxxxxx", tenant_id: "xxxxxxxxxxxx", scope: "user.read", state: "development", response_type: "token", response_mode: "query"
I'm supposed to receive a state parameter with the same value ("development") as I sent. But it seems I got a hash value for it after Microsoft received my request:
https://login.microsoftonline.com/xxxxxxxx&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fomniauth%2Fazure_oauth2%2Fcallback&response_type=code&scope=user.read&state=6ff45c77bf433d3bf33dd8df956fda77d62467c0b29b6f4c&sso_reload=true
Any idea? Thanks.
Solution 1:[1]
This is working as designed: state is a randomly generated unique value, typically used for preventing cross-site request forgery attacks. The state is also used to encode information about the user's state in the app; see the docs for more details - https://docs.microsoft.com/en-us/graph/auth-v2-user
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | vicky kumar |
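
As an added illustration of the answer above (not code from the original post, OmniAuth, or Microsoft): a stand-alone Ruby sketch of how a client can put both a random per-request nonce and application data such as "development" into `state`, then check the echoed value on the callback. The helper names, the session key and the plain Hash standing in for the session are assumptions.

```ruby
require "securerandom"
require "json"
require "base64"
require "openssl"

SESSION_KEY = "oauth_state_nonce" # hypothetical session key

# Build the state sent to the authorization endpoint: a random nonce (the
# CSRF protection) plus app data the callback needs. The nonce is stored in
# the user's session so the callback can compare it later.
# The data is readable by the user and the identity provider: no secrets here.
def build_state(session, app_data)
  nonce = SecureRandom.hex(24)
  session[SESSION_KEY] = nonce
  payload = JSON.generate("nonce" => nonce, "data" => app_data)
  Base64.urlsafe_encode64(payload, padding: false)
end

# Check the state echoed back on the callback. Returns the app data when the
# nonce matches the one in the session, nil otherwise. The stored nonce is
# deleted first, so a given state value is accepted at most once.
def verify_state(session, returned_state)
  expected = session.delete(SESSION_KEY)
  return nil if expected.nil? || returned_state.nil?

  payload = JSON.parse(Base64.urlsafe_decode64(returned_state))
  return nil unless payload.is_a?(Hash) && payload["nonce"].is_a?(String)
  # Constant-time comparison of the returned nonce with the stored one.
  return nil unless OpenSSL.secure_compare(payload["nonce"], expected)

  payload["data"]
rescue ArgumentError, JSON::ParserError
  nil # not valid base64 or not valid JSON
end

if __FILE__ == $PROGRAM_NAME
  session = {} # constructed stand-in for the real session store
  state = build_state(session, "env" => "development")
  puts "state sent:    #{state}"
  puts "first check:   #{verify_state(session, state).inspect}"
  puts "replayed:      #{verify_state(session, state).inspect}"
end
```

The nonce only proves the callback belongs to a request this session started; the accompanying data is not integrity-protected against the user, so treat it as user-controlled input.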