OAuth2 filter: csrf token validation failed when multiple requests access a route with OAuth2 filter simultaneously

*Title*: *csrf token validation failed when multiple requests access a route with OAuth2 filter simultaneously*

*Description*:

When multiple concurrent requests hit a route protected by the OAuth2 filter, only the last request completes successfully. The other requests fail with error "OAuth flow failed", and envoy log reports that “csrf token validation failed” or "PKCE verification failed: Code mismatch".

*Repro steps*:
1. Open multiple browser tabs pointing to a URL that requires OAuth2 filter authentication.
2. In the first tab, log in using valid user credential.
3. After successful login, the last tab is redirected correctly to the target URL, while the others display "OAuth flow failed".

Originally reported at Envoy Gateway: https://github.com/envoyproxy/gateway/issues/7205


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OAuth2 filter: csrf token validation failed when multiple requests access a route with OAuth2 filter simultaneously #41902

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OAuth2 filter: csrf token validation failed when multiple requests access a route with OAuth2 filter simultaneously #41902

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions