BIG-IP APM OAuth Client: state parameters do not match

Question

Hi,I have BIG-IP APM installed , it is a simple Virtual Server with Access policy for OAuth Client/ Resouce server integrated with Okta. When I try to access a recource on the server it redirects me Okta and gets the access code but when connects to F5 APM again it Deny's the access and through following error.Common/XXXOktaAP:Common:541531e8:/Common/XXXOktaAP_act_oauth_client_ag: OAuth Client: 'state' parameters do not match (expected=5XYrM28-OiGYD4UOwPf40gA, received=5xyrm28-oigyd4uowpf40ga) for server '/Common/XXXOktaServer' (client_id=0oa5rwhe5nmDhoiK8697)It looks like iexpected vs received is just letters case sensitive, but I don't see this information anywhere in the communication request/response.When I serched up for in tech docs I found thisOAuth Client: state parameters do not matchThis is an internal APMD error; this error should not occur.What does this mean? any help would be appreciated.ThanksMadhava

madhava · Accepted Answer

Ok found the root cause,&nbsp; problem is on ourside side. This is not a Browser driven environment but an headless client make these calls and it is manipulating the OAuth response to convert into lower case causing this failure.&nbsp;Thanks

Forum Discussion

BIG-IP APM OAuth Client: state parameters do not match

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Requirement for BIG-IQ VM Deployment in AWS

Can't change sync type or failover after tenant upgrade.

Cannot ping external interface

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 asm/awaf

Related Content

Automating Certificate Management on F5 BIG-IP

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

Introducing the F5 AI Assistant for BIG-IP

F5 BIG-IP Zero Trust with BIG-IP SSL Orchestrator

BIG-IP security hardening and compliance checks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS