How to fix CSRF issue in node-linkedin?

I am using node-linkedin for LinkedIn access from my web application.

Problem

Error { [CSRF Alert: Possible CSRF attack, state parameters do not match.] name: 'CSRF Alert' } 

The code

  var Linkedin = require('node-linkedin')('apikey', 'secret', 'callback');

  // OAuth callback handler: exchange the authorization code for an access token.
  // node-linkedin compares req.query.state with the state it generated earlier.
  Linkedin.auth.getAccessToken(res, req.query.code, req.query.state, function (err, results) {
    if (err) {
      return console.error("Error", err);
    }
    return res.redirect('/index');
  });

Any suggestions to fix this problem?

1 answer

Library issue detected.

When I scale the nodejs application to use more than two instances, it gives an error:

 Error { [CSRF Alert: Possible CSRF attack, state parameters do not match.] name: 'CSRF Alert' } 

Since the "states" parameter in auth.js is stored in memory, this causes a problem when scaling the application.

Scenario

'/oauth/linkedin' goes to App-0 (creates a state parameter "xxxx" and stores it in memory)
'/oauth/linkedin/callback' goes to App-1 (here it checks whether the received state is "xxxx" and whether it is in memory)

Reported the problem here.

Using sticky sessions in nginx solves this problem.

