OIDC error: «Vault login failed. Expired or missing OAuth state»

M1chael · January 30, 2024, 10:25am

We use Vault OIDC Google auth and have an issue with one of our users. It happened several months ago: he couldn’t log in using OIDC and got an error:

Vault login failed. Expired or missing OAuth state

That time it was solved by the alias and entity deletion for this user. Now it happened again with the same user and the old solution doesn’t work. He tried incognito mode and different browsers: but nothing helped and there was no evidence of his tries in the Vaullt logs. No one else has faced this problem.

What could be the root cause? How can it be fixed?

urli-by · March 22, 2024, 5:07pm

We have the same issue with one of users, and cannot solve it .

daobq · March 23, 2024, 8:53am

please delete your vault-token file and try login again. Maybe your vault token expired. In MacOS, you can try rm -rf ~/.vault-token

phil.brocker_hashico · March 27, 2024, 2:22pm

I have had this issue off and on as well. I have tried clearing my browser cache and loggging out of okta. Removing the ~/.vault-token did not fix the issue for me.