I find that every so often(not sure of the exact cadence for this error) I get the following error after the user is successfully authenticated(i.e. the url this is happening on is https://website.com/callback):
BadRequestError: checks.state argument is missing: at /var/www/app/html/node_modules/express-openid-connect/middleware/auth.js:94:29 at processTicksAndRejections (internal/process/task_queues.js:97:5)
I am using
express-openid-connect v1.0.1 and the new Universal Login page. Interestingly I never run into this when testing locally, only on the server if that context helps.
Update 1: Another piece of the puzzle. When I get the above error and then go back to https://website.com/ and click sign in again, authentication and redirect works flawlessly without me even seeing the universal login screen.
From this point, I can logout and login to my heart’s content without seeing the error again.
Update 2: Thought it might be something to do with cookies and the fact that the Express server runs behind Nginx and so I added:
app.use("trust proxy", true);
Still the same problem
Update 3: I can now see that the first time I authenticate and get the error as described there is no cookie set on the domain. Once I go back to the landing page and attempt authentication again, the
appSession cookie is set and persists so, from there on out(as mentioned before) sign in and sign out works as expected.
Any idea why setting the cookie the first time would fail? But then succeed on the second attempt? Is this a possible bug in the connect node module?
Has anyone else run into this problem? Any ideas on a resolution? Thank you