Danske - State is not being provided

Description

We have noticed that you are not including the state value when redirecting back from your authorization journey. Because you do not return state to us, we cannot match this to the original request.

Two example URLs that we use to call your journey:
https://obp-auth.danskebank.com/open-banking/business/oauth2/authorize?client_id=d4097dc24af35986b58b6d1862a8e7f5a3396ff25dd2360319bcfe84ccd54e64&scope=openid%20accounts&response_type=code%20id_token&redirect_uri=https%3A%2F%2Fredirector.openwrks.com%2Fopen-banking%2Fcallback&state=uUrm8pZ1DkKHPWZDrp91xRAu9x9RAGh0dHA6Ly9mbG93LWxhYi1hei5vcGVud3Jrcy5jb20vN2U2OWU5ZmYtMGNhZi00MTA3LWFlYjUtMGJlZDEwNzY0MGNjL3RzcC9jYWxsYmFja2c&nonce=28ac9a96f89d4d9991c648e11962b6ea&request=eyJhbGciOiJSUzI1NiIsImtpZCI6IllGZFJUMDBnZWJXZ0xiN1hSMmRzZ0w0VkdIcyIsInR5cCI6IkpXVCJ9.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.hnbBJ-IxA--dWAsv8-aosst4T6iUu6DztZSNflOpXIN8X1pS1JVDf2DKTD6mMv6EL_c7jddtDClshD42N1QVLA9Hh63UGgxl6Zqgr565_NjFBThtTrO5LJHF4sPhpJ8A0r44hj_z1H9JJxxMEMyzcPrfRH9Wnl6dXIxZloWIH0yRa6dIWKoMl9QkZ-9TNVbLakoavwVk5s3seGw9L8Yu79Sg8sRRgXwj4NLs7HIbxK-_k8nF_fdSgGF3lNNWuzM8rmn-pXFzy0zA3Hlu_mvBFKYtdjO83o2E00bQMXUGNwL7WrOQwqeu_BGjIyGCHS1M-cu6b91a1jd54-eobRhOoQ

https://obp-auth.danskebank.com/open-banking/business/oauth2/authorize?client_id=d4097dc24af35986b58b6d1862a8e7f5a3396ff25dd2360319bcfe84ccd54e64&scope=openid%20accounts&response_type=code%20id_token&redirect_uri=https%3A%2F%2Fredirector.openwrks.com%2Fopen-banking%2Fcallback&state=uUrm8pZ1DkKHPWZDrp91xRAu9x9RAGh0dHA6Ly9mbG93LWxhYi1hei5vcGVud3Jrcy5jb20vN2U2OWU5ZmYtMGNhZi00MTA3LWFlYjUtMGJlZDEwNzY0MGNjL3RzcC9jYWxsYmFja2c&nonce=28ac9a96f89d4d9991c648e11962b6ea&request=eyJhbGciOiJSUzI1NiIsImtpZCI6IllGZFJUMDBnZWJXZ0xiN1hSMmRzZ0w0VkdIcyIsInR5cCI6IkpXVCJ9.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.hnbBJ-IxA--dWAsv8-aosst4T6iUu6DztZSNflOpXIN8X1pS1JVDf2DKTD6mMv6EL_c7jddtDClshD42N1QVLA9Hh63UGgxl6Zqgr565_NjFBThtTrO5LJHF4sPhpJ8A0r44hj_z1H9JJxxMEMyzcPrfRH9Wnl6dXIxZloWIH0yRa6dIWKoMl9QkZ-9TNVbLakoavwVk5s3seGw9L8Yu79Sg8sRRgXwj4NLs7HIbxK-_k8nF_fdSgGF3lNNWuzM8rmn-pXFzy0zA3Hlu_mvBFKYtdjO83o2E00bQMXUGNwL7WrOQwqeu_BGjIyGCHS1M-cu6b91a1jd54-eobRhOoQ

We have seen this when clicking cancel on the login page. This could also be happening when completing a consent too.

This is non-conformant with the OIDC spec. A customer actually raised this with us, so if you could give us some idea of when this will be fixed, we can communicate this to Xero.

If you need anything else from us then please let me know.
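
Added example, not part of the ticket or either party's code: a client-side callback check showing why a redirect without state cannot be matched to the original request, given that RFC 6749 (sections 4.1.2 and 4.1.2.1) requires the server to echo state on both success and error redirects when the request carried one. The pending-request store, session ids, state values and client.example URLs are constructed for illustration.

```javascript
// Added example: correlate an OAuth2/OIDC redirect with the request that started it.
// The pending store, session ids, state values and client.example URLs are constructed.

// response_type=code id_token returns parameters in the URL fragment by default;
// fall back to the query string, which some servers use for error redirects.
function callbackParams(callbackUrl) {
  const url = new URL(callbackUrl);
  const fragment = url.hash.startsWith('#') ? url.hash.slice(1) : url.hash;
  return fragment ? new URLSearchParams(fragment) : url.searchParams;
}

// pending: Map of state -> { sessionId } recorded when the user was sent to the bank.
function classifyCallback(callbackUrl, pending) {
  const params = callbackParams(callbackUrl);
  const error = params.get('error');
  const state = params.get('state');

  // No state: the redirect cannot be tied to any user journey. Never guess
  // ("the most recent request"), because that reopens the CSRF hole state closes.
  if (!state) return { outcome: 'uncorrelated', error };

  const request = pending.get(state);
  if (!request) return { outcome: 'rejected', reason: 'unknown or reused state' };
  pending.delete(state); // a state value is accepted once only

  if (error) return { outcome: 'denied', sessionId: request.sessionId, error };
  const code = params.get('code');
  if (!code) return { outcome: 'rejected', reason: 'neither code nor error' };
  return { outcome: 'authorized', sessionId: request.sessionId, code };
}

// Constructed demo: the same cancel redirect without and with state.
const demoPending = new Map([['st-111', { sessionId: 'sess-A' }]]);
console.log(classifyCallback('https://client.example/callback#error=access_denied', demoPending));
console.log(classifyCallback('https://client.example/callback#error=access_denied&state=st-111', demoPending));
```

An 'uncorrelated' outcome leaves the pending entry in place, so the user's session stays stuck until it times out.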

Technical Impact

None

Workaround

None

Resolution Notes

None

Impact Assessment

None

Status

Assignee

Unassigned

Reporter

Beejal Nagar

Reference

None

Service Desk Reference

OBSD-10013

ASPSP

Query Type

None

Created (Original)

None

TPP Impact

Highest

TPP

OB Environment

None

Business Impact Severity

None

Share

Yes