Peter
Peter

Reputation: 133

"No state in response" error with OIDC_CLIENT and angularJS

I am trying to replace the old oidc-token-manager with oidc-client in my angular app, but I keep getting this error "No state in response", I have look at brockallen sample to learn how to use it, but not luck so far. Here is what I have in my service.

var config = {
                client_id: "myClient"
                , redirect_uri: "http://127.0.0.1:51899/callback.html"
                , response_type: "id_token token"
                , scope: "openid profile test"
                , authority: "https://localhost:44369"
            };
            var mgr = new Oidc.UserManager(config);

and similar thing on my callback page.

This is what I have in my mainController

var tokenManager = {
            mgr: {}
        };
        tokenManager.mgr = oidc.tokenManager();
        startSigninMainWindow(tokenManager);

        function startSigninMainWindow(tokenManager) {
            tokenManager.mgr.signinRedirectCallback().then(function (user) {
                var data = user.state.some;
            }, function (err) {
                console.log(err); // err:'No state in response'
            });
        }

Could any body tell me what I am doing wrong? Thanks. PS: BTW, I don't even get to see the login screen in the Identity Server any more

Upvotes: 9

Views: 8025

Answers (2)

John Henckel
John Henckel

Reputation: 11417

In my case, there was garbage in the Local Storage. Open the chrome debugger "Application" tab and clear all the Local and Session storage. Then reload the app.

NOTE: as a developer you need to know that oidc-client uses session/local storage for a cache. It does not refresh the cache if, for example, you change the configuration of your token. You must manually clear the storage.

Upvotes: 1

Ron Newcomb
Ron Newcomb

Reputation: 3302

In my case, someone was calling the /login callback route directly from the UI code. The /login route should only be called by the SSO server (Identity Provider, whatever you call it) and never by the UI itself. So in our authGuard we replaced this.router.navigate(['/login']); with this.userManager.signinRedirect(); and it cleared right up.

Upvotes: 0

Related Questions