Grant does not work when cookies are blocked

[ArvindhMangoleap]

This is my config object.

const config = {
    defaults: { origin: ORGIN, state: true, prefix: "/api/account/:accountId",  },
    google: { key: GOOGLE_CLIENT_ID, secret: GOOGLE_CLIENT_SECRET, scope: ["openid"], nonce: true },
};

I am getting dynamic accountId and I need to send that in state rather than having a random state.

[simov]

No that's not possible. But why not send the account ID as state in this case:

/connect/:provider?state=accountId

Another way is hide the Grant connect endpoint behind yours.

[ArvindhMangoleap]

Thank you for the quick reply.

[ArvindhMangoleap]

I am getting this error

error=Grant%3A%20missing%20session%20or%20misconfigured%20provider#

{
    defaults: { origin: ORGIN },
    google: {
        key: GOOGLE_CLIENT_ID,
        secret: GOOGLE_CLIENT_SECRET,
        scope: ["openid", "https://mail.google.com/"],
        nonce: true,
        dynamic: ["state"],
        custom_params: { access_type: "offline", prompt: "consent" },
    },
}

Am I missing something in my config?

[ArvindhMangoleap]

Update:
The problem seems to appear only when I block the cookies. It works fine when I allow cookies.

Is there a way to solve this without using cookies or session storage.

[simov]

No, cookies are required in order to execute the OAuth flow. After you receive the access token you are free to destroy the session if you want.

You can read about different cookie configuration options here #199