Why am I getting a different STATE param on return from my OAuth auth request?

David Gifford October 16, 2019

My JS app calls for an OAuth 2 auth request per the docs - something like:

request
  .get('https://auth.atlassian.com/authorize')
  .query('audience=api.atlassian.com')
  .query('client_id=MY CLIENT ID')
  .query('scope=read%3Ajira-user%20read%3Ajira-work%20write%3Ajira-work')
  .query('redirect_uri=MY REDIRECT URI')
  .query('state=MYCUSTOMSTATE')
  .query('response_type=code')
  .query('prompt=consent')

The request returns a page containing JS code based on the Auth0 libraries.  When the browser finishes processing the page, it produces a response that contains this URL for the redirect to my redirect URI:

https://auth.atlassian.com/login?state=g6Fo2SAySldGUkZucnhFdk5WUThFVG1WLXhtUGt5X3RBRmJVRaN0aWTZIElqZ1lOdEtjUkkwb1M2bVZnNlFCLUU5UEFOM0FLUjhLo2NpZNkga1I2Q1Z3NzRGeGJIUDVqVG1Ka2xIeFljT2txWTZqQUM&client=MY CLIENT ID&protocol=oauth2&prompt=consent&audience=api.atlassian.com&scope=read%3Ajira-user%20read%3Ajira-work%20write%3Ajira-work&redirect_uri=MY REDIRECT URI&response_type=code

As you can see, this is a different STATE parameter, when the docs indicate it should be the same as the STATE I sent in the auth request.  What's going on here?  

 

0 answers
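
Where the state comparison belongs in this flow, as an added example that is not part of the original post: the value sent in the authorize request is compared only when the browser arrives at the registered redirect URI, and a URL whose origin or path differs from it (for example one on auth.atlassian.com) is not treated as the callback. `REDIRECT_URI`, the `session` object and the function names are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Assumed registered redirect URI (constructed placeholder value).
const REDIRECT_URI = 'https://app.example.test/oauth/callback';

// Create an unguessable state value and bind it to this browser session.
function newState(session) {
  session.oauthState = crypto.randomBytes(32).toString('hex');
  return session.oauthState;
}

// Constant-time comparison; hashing first makes the buffers equal length.
function sameState(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Classify a URL seen during the flow; verify state only on the real callback.
function checkCallback(session, seenUrl) {
  const seen = new URL(seenUrl);
  const registered = new URL(REDIRECT_URI);
  if (seen.origin !== registered.origin || seen.pathname !== registered.pathname) {
    // Intermediate hop on the authorization server: leave the stored state alone.
    return { callback: false, reason: 'not the registered redirect URI' };
  }
  const expected = session.oauthState;
  delete session.oauthState; // single use, so a replayed callback fails
  const returned = seen.searchParams.get('state');
  if (!expected || !returned || !sameState(expected, returned)) {
    return { callback: true, ok: false, reason: 'state mismatch' };
  }
  const code = seen.searchParams.get('code');
  if (!code) {
    return { callback: true, ok: false, reason: seen.searchParams.get('error') || 'no code' };
  }
  return { callback: true, ok: true, code };
}
```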
