oAuth2 Error messages

You may receive an error during sign-in. There are several possible reasons for this.

If you want more information about the oAuth2 flow, please read this article

The state received from the authority server is invalid

2020-01-20 11:05:56.430 WARN  [10] w365support uid(null)  NDAW.Html.Front.OAuth2.OAuth2StateService - Given authentication state's issued date `1/20/2020 8:14:33 AM` is older then `00:05:00` from now `1/20/2020 10:05:56 AM`

This can happen if the request state is older than 5 minutes or if the request state is invalid:

  • State is older than 00:05:00 (5 minutes)
  • Requested state is wrong/reused

State is older than 00:05:00 (5 minutes)

If you navigate to a workspace with oAuth2 configured, you are redirected to the Authority (Azure AD or, if it's a federated domain, ADFS). The oAuth2 protocol demands a request state from the application (Workspace 365). In this case, the request state is the exact time of the redirect to the Authority. If you are redirected and do not complete the sign-in process within 5 minutes, the request state is older than 00:05:00 (5 minutes).

This happens occasionally when the workspace is set as the start page and the user does not sign in within this time.

Solution:

  1. If you are using Windows 10 with an Azure AD joined device, you can benefit from the full Single Sign-On experience by using Edge as your browser or by installing the Windows 10 Accounts extension in Chrome.
  2. Click 'Retry'

Requested state is wrong/reused

If you navigate to your workspace URL, e.g. https://stable.workspace365.me/w365support, you are redirected to the sign-in page of your Authority. In this case, that is the SSO application created in Azure AD.

Occasionally, users bookmark this page. The URL of this page (listed below) includes the request state, so every time they open the bookmark, they are told that the request state is invalid.

https://login.microsoftonline.com/w365support.onmicrosoft.com/oauth2/authorize?client_id=7c9fb7fe-5642-4809-be5d-9ad7d0a8934a&resource=7c9fb7fe-5642-4809-be5d-9ad7d0a8934a&response_type=code&redirect_uri=https%3a%2f%2fstable.workspace365.me%2fw365support%2fOAuth2%2fHandleAuthorityResponse&state=I2O-crv_rjp_GVVBWiliW4DWPsjDggCNtexUkp-6jTQ5W9ymMGg4BZVlJtjvJfZfshSPSn0A_MWgZ8B8Tegp0u7iktx3mq2Fl5rF-ZttASM4kMrx4nA2VJwWqBgQKeuuQ0-O-n6C58L3yYtX8AfiQfbzibhKmVcgCMdedEgfkyB1uGC4Lg3t8T3S4brGRwZMWo2HZhzixGgUr7bZT3tE_0vOpml7vrcmhYAs_lfR6wyHagFudi6UEOCMgoPb8XVpJYlIYfdocRqana7y5RcWiklhlKSABRqpwsRfsBQpluk1

Solution:

  1. If you are using Windows 10 with an Azure AD joined device, you can benefit from the full Single Sign-On experience by using Edge as your browser or by installing the Windows 10 Accounts extension in Chrome.
  2. Click 'Retry'
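
The two failure cases above (a state older than 5 minutes, and a wrong or reused state such as one replayed from a bookmark) can be illustrated with the following added example. It is not Workspace 365 code; the state format (issue time plus nonce, HMAC-signed), the function names and the in-memory nonce store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)   # the 00:05:00 limit shown in the log line
KEY = secrets.token_bytes(32)    # assumption: server-side signing key
_redeemed = set()                # assumption: nonces already used, kept in memory

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def issue_state(now: datetime) -> str:
    """Build the state sent to the Authority at the moment of the redirect."""
    payload = json.dumps({"iat": now.timestamp(),
                          "nonce": secrets.token_hex(16)}).encode()
    return _enc(payload) + "." + _enc(_sign(payload))

def check_state(state: str, now: datetime) -> str:
    """Return 'ok', 'invalid', 'expired' or 'reused' for a returned state."""
    try:
        payload_part, tag_part = state.split(".")
        payload, tag = _dec(payload_part), _dec(tag_part)
    except ValueError:           # wrong shape or bad base64
        return "invalid"
    # Constant-time comparison: reject anything this server did not issue.
    if not hmac.compare_digest(tag, _sign(payload)):
        return "invalid"
    data = json.loads(payload)
    issued = datetime.fromtimestamp(data["iat"], timezone.utc)
    if now - issued > MAX_AGE:   # sign-in not completed within 5 minutes
        return "expired"
    if data["nonce"] in _redeemed:   # e.g. a bookmarked authorize URL, reopened
        return "reused"
    _redeemed.add(data["nonce"])
    return "ok"

if __name__ == "__main__":
    # Times taken from the log line above, treated as UTC (constructed input).
    issued = datetime(2020, 1, 20, 8, 14, 33, tzinfo=timezone.utc)
    now = datetime(2020, 1, 20, 10, 5, 56, tzinfo=timezone.utc)
    print(check_state(issue_state(issued), now))
```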