OIDC should pay attention to query params that make up the Authentication Error Response
Open, Needs TriagePublicBUG REPORT
Actions

Assigned To

None

Authored By

	MarkAHershberger
	Jan 19 2025, 12:53 AM

Description

The redirect loops could be resolved if OIDC were to properly respond to the Authentication Error Response query parameters.

First noticed when I looked at the parameters in the redirect loop.

error=invalid_scope
&error_description=Invalid+scopes%3A+email+profile+basic+uid+openid
&state=952b7c9d078cf493e20a3b4e1b103732
&iss=https%3A%2F%2Fkeycloak.wmcloud.org%2Frealms%2Fwikiverse

This should not redirect and, instead, show the error message.

Related Objects

Mentioned In: T415339: Extension:OpenIDConnect: Exception during authentication leads to infinite redirection loop

Event Timeline

MarkAHershberger created this task.Jan 19 2025, 12:53 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 19 2025, 12:53 AM

Osnard mentioned this in T415339: Extension:OpenIDConnect: Exception during authentication leads to infinite redirection loop.Jan 23 2026, 7:42 AM

OIDC should pay attention to query params that make up the Authentication Error ResponseOpen, Needs TriagePublicBUG REPORTActions

Description

Related Objects

Event Timeline

OIDC should pay attention to query params that make up the Authentication Error Response
Open, Needs TriagePublicBUG REPORT
Actions