
We have oauth2-proxy set up with the cookie storage option for state, which successfully redirects the user to the IDP and back when their access token expires and needs refreshing.

If the token needs refreshing, but the call made is a POST with form data, once the refresh token has been acquired, and the user redirected back to the app, the form data is lost.

oauth2-proxy seems to store the original URL requested and its method in the 'state' query param which is passed around to the IDP and back whilst redirecting the user, which is what I guess oauth2-proxy uses to then recreate the original request.

Is it expected that the POST payload is lost if the call was a POST? Is that only stored if you use the Redis option? Or is a refresh timeout of 30 minutes too low and usually it's expected to be much higher to avoid this issue?

Any advice appreciated

Tom Chamberlain

1 Answer


I was confronted with the same problem a few days ago; the only solution that I've found is to use https (instead of http) for my requests. However, I don't understand why this solved the problem (and why it was only for POST requests).

Flo-Ride