Issue - #143

Authelia OIDC login was failing due to missing or insufficient state parameter length. Error: “The state is missing or does not have enough characters and is therefore considered too weak.”

Solution

  • Implemented secure state parameter using UUID (36 chars) to meet Authelia’s 8-char minimum requirement
  • Added proper state parameter handling in OIDC flow:
    • Generation: Using UUID.uuid4()
    • Storage: In session with “oidc_state” key
    • Validation: Compare received state with stored state
    • Cleanup: Clear state after successful validation
  • Uses cryptographically secure UUID
  • Implements CSRF protection via state parameter
  • Follows OIDC best practices for state handling

Solves - #143 /claim #143
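The generate, store, validate and clear steps listed in the description, as an added example that is not the code from this pull request or from the Claper project. It assumes a plain map in place of the framework session, hypothetical function names, and 32 random bytes from `:crypto` instead of the UUID library so that it runs with no dependencies; it also goes one step further than the description by clearing the stored state on failed attempts as well.

```elixir
defmodule OidcStateExample do
  # Hypothetical module: the session is a plain map standing in for the
  # web framework's session store.
  @session_key "oidc_state"   # key name taken from the description above
  @min_length 8               # minimum length stated in the description above

  # Generation + storage: 32 bytes from the OS CSPRNG, URL-safe encoded.
  def begin_login(session) do
    state = Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
    {Map.put(session, @session_key, state), state}
  end

  # Validation + cleanup: the stored value is removed on every attempt,
  # so a state can be redeemed at most once, whether or not it matched.
  def handle_callback(session, params) do
    {stored, session} = Map.pop(session, @session_key)
    received = Map.get(params, "state")

    result =
      cond do
        not is_binary(stored) -> {:error, :no_login_in_progress}
        not is_binary(received) -> {:error, :missing_state}
        byte_size(received) < @min_length -> {:error, :state_too_short}
        equal?(stored, received) -> :ok
        true -> {:error, :state_mismatch}
      end

    {result, session}
  end

  # Compare SHA-256 digests so timing does not depend on where the two
  # strings first differ; :crypto.hash_equals/2 (OTP 25+) needs
  # equal-length inputs, which the digests guarantee.
  defp equal?(a, b) do
    :crypto.hash_equals(:crypto.hash(:sha256, a), :crypto.hash(:sha256, b))
  end
end

# Constructed walk-through: a callback carrying the wrong state is rejected
# and consumes the stored value; a fresh login succeeds once; a replay fails.
{session, _state} = OidcStateExample.begin_login(%{})
{{:error, :state_mismatch}, session} =
  OidcStateExample.handle_callback(session, %{"state" => "forged-value"})
{session, state} = OidcStateExample.begin_login(session)
{:ok, session} = OidcStateExample.handle_callback(session, %{"state" => state})
{{:error, :no_login_in_progress}, _} =
  OidcStateExample.handle_callback(session, %{"state" => state})
IO.puts("state checks behaved as expected")
```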

Claim

Total prize pool $150
Total paid $0
Status Pending
Submitted June 12, 2025
Last updated June 12, 2025

Contributors

Luffy

@luffy-orf

100%

Sponsors

Claper

@ClaperCo

$150