Skip to content

OIDC Auth code Flow: state parameter in redirect url #4157

New issue
New issue
Open
Open
OIDC Auth code Flow: state parameter in redirect url#4157
@dennemark

Description

@dennemark
dennemark
opened on May 28, 2025

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

2.29.0

Storage Type

In-memory

Installation Type

Official container image

Expected Behavior

Hi,
I am trying to use Dex for local dev testing with a node js application that uses openid-client.

When I want to grant access to the app, i would like the callback redirect not to include an empty state parameter.
/api/callback?code=...

Actual Behavior

Currently the callback looks like this:
/api/callback?code=....state=

Steps To Reproduce

No response

Additional Information

There is an issue discussing this behaviour in openid-client, and as far as i understood, the correct behaviour would be, not to send an empty state parameter in the client url.

panva/openid-client#703

Configuration



Logs


Metadata
Metadata
Assignees
No one assigned
    Labels
    No labels
    No labels
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions