Error using OAuth2Provider on Safari - State cookie doesn't exist

#1

Hi, getting an error:
[warn] c.m.p.s.i.p.s.CsrfStateItemHandler - [Silhouette][CsrfStateItemHandler] State cookie doesn’t exists for name: OAuth2State
com.mohiva.play.silhouette.impl.exceptions.OAuth2StateException: [Silhouette][CsrfStateItemHandler] State cookie doesn’t exists for name: OAuth2State
at com.mohiva.play.silhouette.impl.providers.state.CsrfStateItemHandler.clientState(CsrfStateItemHandler.scala:175)
at com.mohiva.play.silhouette.impl.providers.state.CsrfStateItemHandler.canHandle(CsrfStateItemHandler.scala:110)
at com.mohiva.play.silhouette.impl.providers.DefaultSocialStateHandler.$anonfun$unserialize$3(SocialStateProvider.scala:289)
at com.mohiva.play.silhouette.impl.providers.DefaultSocialStateHandler.$anonfun$unserialize$3$adapted(SocialStateProvider.scala:289)
at scala.collection.immutable.Set$Set2.find(Set.scala:139)
at com.mohiva.play.silhouette.impl.providers.DefaultSocialStateHandler.$anonfun$unserialize$2(SocialStateProvider.scala:289)
at scala.collection.immutable.List.map(List.scala:283)
at com.mohiva.play.silhouette.impl.providers.DefaultSocialStateHandler.$anonfun$unserialize$1(SocialStateProvider.scala:288)
when we try to log in with Google twice or more on Safari. It works the very first time you log in to Google, but after that it errors out with the above exception. Looks like somehow the OAuth2 cookie isn’t getting set properly. This works perfectly on Chrome.

0 Likes

#2

Figured this out. Seems like the issue is with the sameSite option on the cookie. If set to Lax, Safari doesn’t seem to send the OAuth2State cookie. If set to null, this seems to work on Safari.

0 Likes
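After changing the sameSite setting discussed in this thread, the Set-Cookie header on the response that starts the provider redirect shows what the browser was actually handed. The check below is an added example, not code from the thread or from Silhouette. The header strings are constructed samples, the finding labels are hypothetical names, and it assumes a null sameSite results in the attribute being omitted from the header.

```python
# Constructed Set-Cookie header values; the cookie value is a placeholder.
SAMPLES = {
    "lax": "OAuth2State=PLACEHOLDER; Max-Age=300; Path=/; HttpOnly; SameSite=Lax",
    "omitted": "OAuth2State=PLACEHOLDER; Max-Age=300; Path=/; Secure; HttpOnly",
    "none_insecure": "OAuth2State=PLACEHOLDER; Path=/; SameSite=None",
}


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # flags map to ""
    return name.strip(), value, attrs


def audit_state_cookie(header, cookie_name="OAuth2State"):
    """Return findings for the state cookie, or None for any other cookie."""
    name, _, attrs = parse_set_cookie(header)
    if name != cookie_name:
        return None
    findings = []
    same_site = attrs.get("samesite")
    if same_site is None:
        # No attribute: each browser applies its own default policy.
        findings.append("samesite-omitted")
    elif same_site.lower() == "none" and "secure" not in attrs:
        # Browsers enforcing the updated cookie rules reject this cookie.
        findings.append("samesite-none-without-secure")
    elif same_site.lower() == "strict":
        # The provider callback is a cross-site navigation: cookie not sent.
        findings.append("samesite-strict-blocks-callback")
    if "secure" not in attrs:
        findings.append("missing-secure")
    if "httponly" not in attrs:
        findings.append("missing-httponly")
    return findings


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, audit_state_cookie(header))
```

The state cookie is what the callback compares against the returned state parameter, so an empty findings list for the header your deployment really sends is the goal, rather than loosening the check itself.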