OIDC login via Authelia fails: "The state is missing or does not have enough characters and is therefore considered too weak."

[ginkel]

Version:

• listmonk: v4.0.1
• OS: Docker on Ubuntu 22.04

Description of the bug and steps to reproduce:
Hi there,

I tried to integrate v4.0.1 with our OIDC IdP: Authelia. Unfortunately, the login fails with the following error:

The state is missing or does not have enough characters and is therefore considered too weak. Request parameter "state" must be at least be 8 characters long to ensure sufficient entropy.

In the Developer Tool's Network tab I can see the following choreography:

https://listmonk.<domain>/auth/oidc
https://sso.<domain>/api/oidc/authorization?client_id=listmonk&nonce=2xk25q4uKTY*****&redirect_uri=https%3A%2F%2Flistmonk.<domain>%2Fauth%2Foidc&response_type=code&scope=openid+profile+email&state=%2Fadmin
https://listmonk.<domain>/auth/oidc?error=invalid_state&error_description=The+state+is+missing+or+does+not+have+enough+characters+and+is+therefore+considered+too+weak.+Request+parameter+%27state%27+must+be+at+least+be+8+characters+long+to+ensure+sufficient+entropy.&iss=https%3A%2F%2Fsso.<domain>&state=%2Fadmin

Any ideas?

Thanks,
Thilo

Edit: Some googling later it seems that seeding the state parameter with a secure random is considered a best-practice.

[kosssi]

I have the same error, thanks @knadh to have already corrected it 👏 (how can I test it? Do you release 4.1.0 soon as?). When is it release I post the configuration on Authelia website ;)